usoepiz.exe/cgsinoh.exe


  • This topic is locked
16 replies to this topic

#1 itsnotyouitsme


Posted 20 October 2017 - 09:48 AM

Unable to run Panda Cloud Cleaner or PCHunter64. Programs either do not open or close immediately.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-10-2017 01
Ran by Workshop (administrator) on WORKSHOP-PC (20-10-2017 07:39:02)
Running from E:\Users\Jaye B\Favorites\Downloads
Loaded Profiles: Workshop (Available Profiles: Workshop)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\Windows\System32\spmcwhisvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) D:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) D:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Adobe Systems Inc.) D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Hewlett-Packard) D:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Hewlett-Packard) D:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Users\Workshop\AppData\Local\usoepiz\usoepiz.exe
(DEVGURU Co., LTD.) D:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) D:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Workshop\AppData\Local\usoepiz\cgsinoh.exe
() C:\Users\Workshop\AppData\Local\usoepiz\cgsinoh.exe
() C:\Users\Workshop\AppData\Local\usoepiz\cgsinoh.exe
() C:\Users\Workshop\AppData\Local\usoepiz\cgsinoh.exe
() C:\Users\Workshop\AppData\Local\usoepiz\cgsinoh.exe
() C:\Users\Workshop\AppData\Local\usoepiz\cgsinoh.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [2907792 2012-07-18] (Realtek Semiconductor Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2015-12-17] (Adobe Systems Inc.)
HKLM-x32\...\Run: [HP Software Update] => D:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] => D:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2105914770-4202919322-4210220155-1000\...\Run: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Workshop\AppData\Roaming\Microsoft\Protect\ffa376-58a377-3cfc1732-bdced1-e0d0.rs" <==== ATTENTION
HKU\S-1-5-21-2105914770-4202919322-4210220155-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> E:\Users\JAYEB~1\FAVORI~1\DOWNLO~1\RKILL~1.SCR
Startup: C:\Users\Workshop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-01-06]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C720EF9C-1EE7-4D5C-A7FD-51095F18BC4B}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C8819566-8B45-4EB7-ADA8-EB6689693604}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2105914770-4202919322-4210220155-1000 -> {D46A9531-29B3-4B8F-8EB2-D75B023EF329} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-09-12] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-05] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-05] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> D:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-05] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL => No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> D:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-05] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> D:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Workshop\AppData\Roaming\Mozilla\Firefox\Profiles\srngem8a.default-1433722778399 [2017-10-20]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\srngem8a.default-1433722778399 -> Google
FF Homepage: Mozilla\Firefox\Profiles\srngem8a.default-1433722778399 -> hxxps://www.yahoo.com/
FF Extension: (Adblock Plus) - C:\Users\Workshop\AppData\Roaming\Mozilla\Firefox\Profiles\srngem8a.default-1433722778399\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-07]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-02-18]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - D:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - D:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-08-10] [not signed]
FF HKU\S-1-5-21-2105914770-4202919322-4210220155-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - D:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-19] ()
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-05] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-19] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> D:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> D:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> D:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~3\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-06] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-06] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> D:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> D:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-13] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Default [2017-10-18]
CHR Extension: (Slides) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-18]
CHR Extension: (Docs) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-18]
CHR Extension: (Google Drive) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-18]
CHR Extension: (YouTube) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-18]
CHR Extension: (Adobe Acrobat) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-08-13]
CHR Extension: (Sheets) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-18]
CHR Extension: (Google Docs Offline) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-18]
CHR Extension: (Gmail) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-18]
CHR Extension: (Chrome Media Router) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-18]
CHR Profile: C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-10-18]
CHR Extension: (Google Slides) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-20]
CHR Extension: (Google Docs) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-20]
CHR Extension: (Google Drive) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-18]
CHR Extension: (YouTube) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-20]
CHR Extension: (Google Search) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-20]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-06-20]
CHR Extension: (Google Sheets) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-20]
CHR Extension: (Google Docs Offline) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-07]
CHR Extension: (Sneakerbots4all Eastbay and FL Auto Checkout) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kkikcpcodpnafiabcdmigmgekggfdoja [2015-06-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-07]
CHR Extension: (Gmail) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-20]
CHR Profile: C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\System Profile [2017-10-18]
CHR Extension: (Google Slides) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-20]
CHR Extension: (Google Docs) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-20]
CHR Extension: (Google Drive) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-20]
CHR Extension: (YouTube) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-20]
CHR Extension: (Google Search) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-20]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-06-20]
CHR Extension: (Google Sheets) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-20]
CHR Extension: (Google Wallet) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-20]
CHR Extension: (Gmail) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-20]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2015-12-17]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 gupdate; D:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-05-30] (Google Inc.)
S3 gupdatem; D:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-05-30] (Google Inc.)
R3 hpqcxs08; D:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; D:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; D:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-10-06] (NVIDIA Corporation)
R2 NvTelemetryContainer; D:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [460736 2017-10-10] (NVIDIA Corporation)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2130440 2016-09-15] (Electronic Arts)
S2 Origin Web Helper Service; D:\Program Files (x86)\Origin\OriginWebHelperService.exe [2195472 2016-09-15] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S2 SkypeUpdate; D:\Program Files (x86)\Skype\Updater\Updater.exe [317400 2017-04-05] (Skype Technologies)
R2 ss_conn_service; D:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-15] (DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [192256 2009-06-10] (Intel Corporation)
S3 HSF_DP; C:\Windows\System32\DRIVERS\CAX_DP.sys [1485824 2009-02-13] (Conexant Systems, Inc.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-02-17] (REALiX™)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [3008144 2012-11-02] (Realtek Semiconductor Corp.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-05-18] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-10-10] (NVIDIA Corporation)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [127432 2017-02-11] (BigNox Corporation)
S3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [411136 2009-06-10] (Conexant Systems, Inc.)
S3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 MBAMSwissArmy; \SystemRoot\System32\Drivers\mbamswissarmy.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-20 07:38 - 2017-10-20 07:39 - 000000000 ____D C:\FRST
2017-10-20 07:19 - 2017-10-20 07:19 - 000116560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\upkfimps.sys
2017-10-19 22:59 - 2017-10-19 22:59 - 000002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-10-19 22:59 - 2017-10-19 22:59 - 000000000 ____D C:\ProgramData\Sophos
2017-10-19 22:59 - 2017-10-19 22:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-10-19 22:36 - 2017-10-19 22:46 - 000002204 _____ C:\Users\Workshop\Desktop\Rkill.txt
2017-10-19 22:27 - 2017-10-19 22:27 - 000000000 ____D C:\Users\Workshop\Desktop\mbar
2017-10-19 22:18 - 2017-10-19 22:44 - 000001248 _____ C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2017-10-19 22:18 - 2017-10-19 22:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2017-10-19 22:18 - 2015-09-14 13:03 - 000039672 _____ C:\Windows\system32\Drivers\DasPtct.SYS
2017-10-19 22:18 - 2015-01-29 18:21 - 000050320 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2017-10-19 16:27 - 2017-10-19 22:12 - 000000000 ____D C:\Users\Workshop\AppData\Local\ESET
2017-10-19 15:56 - 2017-10-19 15:56 - 000012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2017-10-19 15:04 - 2017-10-19 15:04 - 000000000 ____D C:\Users\Workshop\AppData\Local\CrashDumps
2017-10-18 19:09 - 2017-10-20 07:30 - 000000000 ____D C:\Users\Workshop\AppData\Local\usoepiz
2017-10-18 19:09 - 2017-10-20 07:30 - 000000000 ____D C:\Users\Workshop\AppData\Local\mscdvxz
2017-10-18 18:13 - 2017-10-20 07:19 - 002843648 _____ (TOSHIBA CORPORATION) C:\Windows\system32\spmcwhisvc.exe
2017-10-18 18:12 - 2017-10-18 18:12 - 000000020 _____ C:\Windows\b23089256
2017-10-18 18:12 - 2017-10-18 18:12 - 000000000 ____D C:\Windows\SysWOW64\nihaxgt
2017-10-18 18:12 - 2017-10-18 18:12 - 000000000 ____D C:\Windows\system32\nihaxgt
2017-10-18 18:12 - 2017-10-18 18:12 - 000000000 ____D C:\Users\Workshop\AppData\Roaming\et
2017-10-18 18:11 - 2017-10-18 18:11 - 000140800 _____ C:\Users\Workshop\AppData\Local\installer.dat
2017-10-18 09:41 - 2017-10-19 19:17 - 000000000 ____D C:\Windows\AutoKMS
2017-10-18 09:41 - 2017-10-19 16:15 - 000003606 _____ C:\Windows\System32\Tasks\AutoKMS
2017-10-18 09:40 - 2017-10-16 09:16 - 000270608 _____ (BigNox Corporation) C:\Windows\system32\Drivers\YSDrv.sys
2017-10-18 09:38 - 2017-10-10 18:07 - 000057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-10-18 09:26 - 2017-10-06 06:32 - 000531904 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-10-18 09:26 - 2017-10-06 06:32 - 000437696 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2017-10-18 09:26 - 2017-10-06 04:52 - 000136312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-10-18 09:26 - 2017-10-06 04:44 - 005960312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-10-18 09:26 - 2017-10-06 04:44 - 002587584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-10-18 09:26 - 2017-10-06 04:44 - 001766520 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-10-18 09:26 - 2017-10-06 04:44 - 000607168 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-10-18 09:26 - 2017-10-06 04:44 - 000449656 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-10-18 09:26 - 2017-10-06 04:44 - 000122816 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-10-18 09:26 - 2017-10-06 04:44 - 000081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-10-18 09:26 - 2017-09-29 08:02 - 008257351 _____ C:\Windows\system32\nvcoproc.bin
2017-10-18 09:26 - 2017-09-13 16:20 - 000798008 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-10-18 09:26 - 2017-09-13 16:20 - 000490296 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-10-18 09:26 - 2017-09-13 16:19 - 000927544 _____ C:\Windows\system32\vulkan-1.dll
2017-10-18 09:26 - 2017-09-13 16:19 - 000591160 _____ C:\Windows\system32\vulkaninfo.exe
2017-10-18 09:25 - 2017-10-09 05:20 - 001615472 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2017-10-18 09:25 - 2017-10-09 05:20 - 000225208 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-10-18 09:25 - 2017-10-09 05:20 - 000045496 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 040237176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 036184000 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 035156600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 029228480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 023261256 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 021738976 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 019035344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 019008624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 018203456 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 016751224 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-10-18 09:25 - 2017-10-06 06:32 - 015024912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 013863000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 013251240 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 011777952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 010880672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 004283120 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 003807864 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 003796960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 003346368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 001988216 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438792.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 001606776 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438792.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 001135280 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 001098360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 001030264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 000981112 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 000932472 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 000885496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 000615360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 000527104 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 000505976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 000492048 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 000444328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 000407248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 000171896 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 000154392 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 000149736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 000132256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 000046182 _____ C:\Windows\system32\nvinfo.pb
2017-10-18 09:25 - 2017-10-06 06:32 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-10-18 09:25 - 2017-10-06 06:32 - 000000669 _____ C:\Windows\system32\nv-vk64.json
2017-10-18 09:20 - 2017-10-18 09:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-10-18 09:20 - 2017-10-18 09:20 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-18 09:20 - 2017-10-18 09:20 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-18 09:20 - 2017-10-18 09:20 - 000003798 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-18 09:20 - 2017-10-18 09:20 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-18 09:20 - 2017-10-18 09:20 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-18 09:20 - 2017-10-18 09:20 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-18 09:20 - 2017-10-18 09:20 - 000003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-18 09:20 - 2017-10-18 09:20 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-18 09:20 - 2017-10-18 09:20 - 000001013 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-10-18 09:20 - 2017-10-18 09:20 - 000000000 ____D C:\Users\Workshop\AppData\Local\CEF
2017-10-18 09:20 - 2017-10-10 16:26 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-10-18 09:20 - 2017-10-06 05:17 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2017-10-18 09:08 - 2017-10-10 18:07 - 000918976 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2017-10-18 09:08 - 2015-05-18 20:29 - 000046768 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-10-18 09:08 - 2015-05-18 20:14 - 000061616 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-10-18 09:08 - 2015-05-18 20:14 - 000057520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-10-16 09:17 - 2017-10-16 09:17 - 000000066 _____ C:\Users\Workshop\inittk.ini
2017-10-16 09:16 - 2017-10-18 19:23 - 000000000 ____D C:\Users\Workshop\.BigNox
2017-10-16 09:16 - 2017-10-16 22:50 - 000000890 _____ C:\Users\Workshop\Desktop\Multi-Drive.lnk
2017-10-16 09:16 - 2017-10-16 13:23 - 000000929 _____ C:\Users\Workshop\Desktop\Nox.lnk
2017-10-14 12:45 - 2017-10-14 12:45 - 000433141 _____ C:\Users\Workshop\Desktop\Cell Bill.pdf
2017-10-13 13:01 - 2017-10-13 13:01 - 472414492 _____ C:\Windows\MEMORY.DMP
2017-10-11 15:55 - 2017-10-20 07:10 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-10-11 15:55 - 2017-10-11 16:05 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-10-11 15:55 - 2017-10-11 15:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-11 15:55 - 2017-10-11 15:55 - 000000000 ____D C:\ProgramData\MB2Migration
2017-10-11 15:55 - 2017-10-11 15:55 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-11 00:16 - 2017-10-11 00:16 - 126925120 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-10-10 18:43 - 2017-09-13 08:33 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-10-10 18:43 - 2017-09-13 08:32 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-10-10 18:43 - 2017-09-13 08:32 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-10-10 18:43 - 2017-09-13 08:32 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-10-10 18:43 - 2017-09-13 08:32 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-10-10 18:43 - 2017-09-13 08:31 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 001068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000886272 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000448512 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000414208 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000118784 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:13 - 004001512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-10-10 18:43 - 2017-09-13 08:13 - 003945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-10-10 18:43 - 2017-09-13 08:10 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 000830464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 000428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 000392704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlansec.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:05 - 000324608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2017-10-10 18:43 - 2017-09-13 08:00 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-10-10 18:43 - 2017-09-13 08:00 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-10-10 18:43 - 2017-09-13 08:00 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-10-10 18:43 - 2017-09-13 08:00 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-10-10 18:43 - 2017-09-13 07:57 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-10-10 18:43 - 2017-09-13 07:56 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-10-10 18:43 - 2017-09-13 07:53 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-10-10 18:43 - 2017-09-13 07:53 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-10-10 18:43 - 2017-09-13 07:53 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-10-10 18:43 - 2017-09-13 07:52 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-10-10 18:43 - 2017-09-13 07:52 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-10-10 18:43 - 2017-09-13 07:50 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-10-10 18:43 - 2017-09-13 07:47 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-10-10 18:43 - 2017-09-13 07:46 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-10-10 18:43 - 2017-09-13 07:46 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-10-10 18:43 - 2017-09-13 07:46 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-10-10 18:43 - 2017-09-13 07:46 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 07:46 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 07:46 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 07:46 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 07:46 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-10-10 18:43 - 2017-09-08 17:45 - 000395984 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-10-10 18:43 - 2017-09-08 16:47 - 000347344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-10-10 18:43 - 2017-09-08 08:34 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-10-10 18:43 - 2017-09-08 08:30 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-10-10 18:43 - 2017-09-08 08:30 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-10-10 18:43 - 2017-09-08 08:30 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-10-10 18:43 - 2017-09-08 08:30 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-10-10 18:43 - 2017-09-08 08:30 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-10-10 18:43 - 2017-09-08 08:30 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-10-10 18:43 - 2017-09-08 08:30 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-10-10 18:43 - 2017-09-08 08:30 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-10-10 18:43 - 2017-09-08 08:30 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-10-10 18:43 - 2017-09-08 08:30 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-10-10 18:43 - 2017-09-08 08:30 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-10-10 18:43 - 2017-09-08 08:30 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-10-10 18:43 - 2017-09-08 08:14 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-10-10 18:43 - 2017-09-08 08:13 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-10-10 18:43 - 2017-09-08 08:13 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-10-10 18:43 - 2017-09-08 08:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-10-10 18:43 - 2017-09-08 08:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-10-10 18:43 - 2017-09-08 08:10 - 000312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-10-10 18:43 - 2017-09-08 08:10 - 000109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-10-10 18:43 - 2017-09-08 08:09 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-10-10 18:43 - 2017-09-08 08:09 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-10-10 18:43 - 2017-09-08 08:09 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-10-10 18:43 - 2017-09-08 08:09 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-10-10 18:43 - 2017-09-08 08:09 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-10-10 18:43 - 2017-09-08 08:09 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-10-10 18:43 - 2017-09-08 08:09 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-10-10 18:43 - 2017-09-08 08:00 - 003222016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-10-10 18:43 - 2017-09-08 08:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-10-10 18:43 - 2017-09-08 08:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-10-10 18:43 - 2017-09-08 07:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-10-10 18:43 - 2017-09-08 07:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-10-10 18:43 - 2017-09-08 07:20 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2017-10-10 18:43 - 2017-09-08 07:20 - 000345088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-10-10 18:43 - 2017-09-08 07:20 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
2017-10-10 18:43 - 2017-09-07 14:38 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-10-10 18:43 - 2017-09-07 14:37 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-10-10 18:43 - 2017-09-07 14:19 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-10-10 18:43 - 2017-09-07 14:18 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-10-10 18:43 - 2017-09-07 14:18 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-10-10 18:43 - 2017-09-07 14:17 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-10-10 18:43 - 2017-09-07 14:17 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-10-10 18:43 - 2017-09-07 14:15 - 002902528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-10-10 18:43 - 2017-09-07 14:08 - 025729536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-10-10 18:43 - 2017-09-07 14:08 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-10-10 18:43 - 2017-09-07 14:07 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-10-10 18:43 - 2017-09-07 14:02 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-10-10 18:43 - 2017-09-07 14:01 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-10-10 18:43 - 2017-09-07 14:01 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-10-10 18:43 - 2017-09-07 14:01 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-10-10 18:43 - 2017-09-07 14:00 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-10-10 18:43 - 2017-09-07 13:52 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-10-10 18:43 - 2017-09-07 13:48 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-10-10 18:43 - 2017-09-07 13:40 - 005982208 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-10-10 18:43 - 2017-09-07 13:39 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-10-10 18:43 - 2017-09-07 13:38 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-10-10 18:43 - 2017-09-07 13:37 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-10-10 18:43 - 2017-09-07 13:33 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-10-10 18:43 - 2017-09-07 13:32 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-10-10 18:43 - 2017-09-07 13:29 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-10-10 18:43 - 2017-09-07 13:27 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-10-10 18:43 - 2017-09-07 13:13 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-10-10 18:43 - 2017-09-07 13:10 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-10-10 18:43 - 2017-09-07 13:10 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-10-10 18:43 - 2017-09-07 13:08 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-10-10 18:43 - 2017-09-07 13:08 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-10-10 18:43 - 2017-09-07 12:44 - 015262720 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-10-10 18:43 - 2017-09-07 12:40 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-10-10 18:43 - 2017-09-07 12:27 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-10-10 18:43 - 2017-09-07 12:27 - 001548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-10-10 18:43 - 2017-09-07 12:17 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-10-10 18:43 - 2017-09-07 12:11 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-10-10 18:43 - 2017-09-07 12:10 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-10-10 18:43 - 2017-09-07 12:10 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-10-10 18:43 - 2017-09-07 12:10 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-10-10 18:43 - 2017-09-07 12:09 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-10-10 18:43 - 2017-09-07 12:04 - 020267008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-10-10 18:43 - 2017-09-07 12:03 - 002292736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-10-10 18:43 - 2017-09-07 12:03 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-10-10 18:43 - 2017-09-07 12:02 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-10-10 18:43 - 2017-09-07 11:59 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-10-10 18:43 - 2017-09-07 11:58 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-10-10 18:43 - 2017-09-07 11:58 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-10-10 18:43 - 2017-09-07 11:58 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-10-10 18:43 - 2017-09-07 11:49 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-10-10 18:43 - 2017-09-07 11:44 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-10-10 18:43 - 2017-09-07 11:44 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-10-10 18:43 - 2017-09-07 11:43 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-10-10 18:43 - 2017-09-07 11:40 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-10-10 18:43 - 2017-09-07 11:39 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-10-10 18:43 - 2017-09-07 11:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-10-10 18:43 - 2017-09-07 11:36 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-10-10 18:43 - 2017-09-07 11:29 - 004547072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-10-10 18:43 - 2017-09-07 11:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-10-10 18:43 - 2017-09-07 11:26 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-10-10 18:43 - 2017-09-07 11:25 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-10-10 18:43 - 2017-09-07 11:25 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-10-10 18:43 - 2017-09-07 11:17 - 013677568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-10-10 18:43 - 2017-09-07 11:01 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-10-10 18:43 - 2017-09-07 10:57 - 001316864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-10-10 18:43 - 2017-09-07 10:57 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-10-10 18:43 - 2017-09-07 08:31 - 002851328 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2017-10-10 18:43 - 2017-09-07 08:12 - 002755072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2017-10-10 18:43 - 2017-09-07 07:55 - 000461312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-10-10 18:43 - 2017-09-07 07:55 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-10-10 18:43 - 2017-09-07 07:55 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-10-10 18:43 - 2017-08-19 08:28 - 004121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2017-10-10 18:43 - 2017-08-19 08:28 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2017-10-10 18:43 - 2017-08-19 08:28 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2017-10-10 18:43 - 2017-08-19 08:10 - 003209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2017-10-10 18:43 - 2017-08-19 08:10 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2017-10-10 18:43 - 2017-08-19 08:10 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2017-10-10 18:43 - 2017-08-19 08:08 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2017-10-10 18:43 - 2017-08-19 08:08 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2017-10-10 18:43 - 2017-08-19 07:57 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2017-10-10 18:43 - 2017-08-19 07:57 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2017-10-10 18:43 - 2017-08-14 10:35 - 001032192 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2017-10-10 18:43 - 2017-08-14 10:35 - 000827904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2017-10-10 18:43 - 2017-08-14 10:35 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2017-10-10 18:43 - 2017-08-13 14:45 - 000040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2017-10-04 17:10 - 2017-10-04 17:42 - 000000000 ____D C:\Users\Workshop\Downloads\Freaks VS Big Dick 5
2017-09-23 15:11 - 2017-09-23 15:11 - 000520687 _____ C:\Users\Workshop\Desktop\Page4.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-20 07:38 - 2009-07-13 19:34 - 032243712 _____ C:\Windows\system32\config\HARDWARE
2017-10-20 07:26 - 2009-07-13 22:13 - 000799374 _____ C:\Windows\system32\PerfStringBackup.INI
2017-10-20 07:26 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
2017-10-20 07:24 - 2016-11-23 15:12 - 000000000 ____D C:\Users\Workshop\AppData\LocalLow\Mozilla
2017-10-20 07:19 - 2015-04-29 13:18 - 000000000 ____D C:\ProgramData\NVIDIA
2017-10-20 07:19 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-20 07:19 - 2009-07-13 21:45 - 000019680 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-10-20 07:19 - 2009-07-13 21:45 - 000019680 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-10-20 07:18 - 2015-02-18 20:05 - 000000000 ____D C:\Windows\pss
2017-10-20 07:08 - 2015-02-18 19:41 - 000758552 _____ C:\Windows\ntbtlog.txt
2017-10-20 06:39 - 2015-05-30 03:47 - 000002063 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-10-20 06:39 - 2015-05-30 03:47 - 000002063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-10-20 06:39 - 2015-02-16 21:10 - 000001291 _____ C:\Users\Workshop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-10-19 22:53 - 2016-10-06 16:05 - 009534160 _____ (一普明为北京信息技术有限公司) C:\Users\Workshop\Desktop\PrImIri.exe
2017-10-19 22:16 - 2017-03-29 06:21 - 000000000 ____D C:\32788R22FWJFW
2017-10-19 19:17 - 2015-10-16 08:53 - 000000000 ____D C:\Users\Workshop\Desktop\Windows 8.1 Pro Vl Update 3 x64 En-Us ESD Sept2015 Pre-activated-=TEAM OS=
2017-10-19 19:14 - 2015-11-02 14:21 - 000000000 ____D C:\Users\Workshop\Desktop\Malwarebytes Anti-Malware Premium 2.2.0.1024 Final Multilingual incl Keygen-=TEAM OS=-
2017-10-19 19:14 - 2015-10-28 14:25 - 000000000 ____D C:\Users\Workshop\Desktop\KMSpico v10.0.4 (Office and windows activator) [TechTools.NET]
2017-10-19 19:14 - 2015-10-27 19:31 - 000000000 ____D C:\Users\Workshop\Desktop\KMSpico 10.1.1 FINAL + Portable (Office and Windows 10 Activator) [TechTools.NET]
2017-10-19 19:14 - 2015-10-23 14:45 - 000000000 ____D C:\Users\Workshop\Desktop\adbFire
2017-10-19 19:13 - 2015-05-12 19:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2017-10-19 19:13 - 2015-05-12 19:59 - 000000000 ____D C:\Program Files\KMSpico
2017-10-19 15:05 - 2017-03-28 20:40 - 000000000 ____D C:\Users\Workshop\AppData\Roaming\Kodi
2017-10-19 08:19 - 2015-03-27 12:29 - 000000000 ____D C:\Users\Workshop\AppData\Roaming\uTorrent
2017-10-18 22:32 - 2017-02-11 10:20 - 000000000 ____D C:\Users\Workshop\AppData\Local\Nox
2017-10-18 19:23 - 2015-06-26 12:19 - 000000000 ____D C:\Users\Workshop\.android
2017-10-18 19:23 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\registration
2017-10-18 19:22 - 2017-02-11 10:21 - 000000000 ____D C:\Users\Workshop\vmlogs
2017-10-18 19:09 - 2016-02-15 04:22 - 000000000 ____D C:\Users\Workshop\AppData\LocalLow\uTorrent
2017-10-18 18:11 - 2015-02-16 22:01 - 000001049 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-10-18 12:25 - 2015-03-28 15:31 - 000000000 ____D C:\Users\Workshop\AppData\Local\NVIDIA Corporation
2017-10-18 09:42 - 2015-04-29 14:14 - 000000000 ____D C:\Users\Workshop\AppData\Local\NVIDIA
2017-10-18 09:40 - 2017-02-11 10:21 - 000000000 ____D C:\Program Files\DIFX
2017-10-18 09:40 - 2015-02-21 00:15 - 000000000 ____D C:\ProgramData\Microsoft Toolkit
2017-10-18 09:38 - 2015-02-16 22:28 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-10-18 09:38 - 2015-02-16 22:24 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-10-18 09:32 - 2015-11-06 02:45 - 000000000 ____D C:\Users\Workshop\Desktop\Helter Skelter
2017-10-18 09:26 - 2015-02-16 22:28 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-10-18 09:26 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\Help
2017-10-18 09:25 - 2015-04-29 14:38 - 000000000 ____D C:\Users\Workshop\AppData\Roaming\NVIDIA
2017-10-16 21:38 - 2016-06-09 08:17 - 000000000 ____D C:\Users\Workshop\AppData\Roaming\ICQ
2017-10-16 09:17 - 2015-02-16 21:09 - 000000000 ____D C:\Users\Workshop
2017-10-15 17:37 - 2016-10-20 14:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-10-15 17:37 - 2015-02-16 22:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-14 17:02 - 2017-09-16 19:38 - 000000632 _____ C:\Users\Workshop\.swfinfo
2017-10-12 00:38 - 2015-02-18 11:43 - 000000000 ____D C:\Users\Workshop\AppData\Roaming\vlc
2017-10-11 15:55 - 2015-02-24 17:46 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-11 09:51 - 2009-07-13 21:45 - 000442384 _____ C:\Windows\system32\FNTCACHE.DAT
2017-10-11 00:18 - 2015-05-12 19:12 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-10-11 00:18 - 2015-02-16 22:45 - 000000000 ____D C:\Windows\system32\MRT
2017-10-11 00:18 - 2009-07-13 19:34 - 000000513 _____ C:\Windows\win.ini
2017-10-11 00:16 - 2015-02-16 22:45 - 126925120 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-10-11 00:15 - 2015-02-16 22:28 - 000791496 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-10-11 00:12 - 2009-07-13 20:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-10-11 00:03 - 2016-12-23 18:47 - 000000000 ____D C:\Users\Workshop\AppData\Local\JDownloader v2.0
2017-10-10 18:07 - 2015-04-29 14:15 - 001796032 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-10-10 18:07 - 2015-04-29 14:15 - 001577920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-10-05 12:12 - 2015-11-13 14:32 - 000000000 ____D C:\Users\Workshop\Desktop\Scripts
2017-09-30 10:18 - 2017-04-28 20:11 - 000000000 ____D C:\Users\Workshop\AppData\Roaming\discord

==================== Files in the root of some directories =======

2016-03-02 10:33 - 2016-03-04 20:32 - 000002157 _____ () C:\Users\Workshop\AppData\Roaming\Ultima Mapper Client.xml
2017-10-18 18:11 - 2017-10-18 18:11 - 000140800 _____ () C:\Users\Workshop\AppData\Local\installer.dat
2015-02-18 20:04 - 2015-02-23 07:19 - 000007601 _____ () C:\Users\Workshop\AppData\Local\Resmon.ResmonCfg
2016-08-03 15:24 - 2016-08-03 15:24 - 000000000 _____ () C:\Users\Workshop\AppData\Local\run.txt
2016-08-03 15:26 - 2016-08-03 15:26 - 000000001 _____ () C:\Users\Workshop\AppData\Local\setupsuccessful.txt
2016-08-03 15:24 - 2016-08-03 15:26 - 000000000 _____ () C:\Users\Workshop\AppData\Local\stxtname.txt
2015-02-22 10:20 - 2017-08-07 15:13 - 000023875 _____ () C:\ProgramData\hpzinstall.log
2015-08-25 12:45 - 2015-08-25 12:45 - 000000148 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-10-26 19:47 - 2015-10-26 19:47 - 000000098 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Files to move or delete:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


Some files in TEMP:
====================
2017-10-18 18:09 - 2017-10-18 18:09 - 000061440 _____ (The Gentee Group) C:\Users\Workshop\AppData\Local\Temp\genteert.dll
2017-10-18 09:25 - 2015-06-16 23:03 - 001366208 _____ (NVIDIA Corporation) C:\Users\Workshop\AppData\Local\Temp\nvSCPAPI64.dll
2017-10-18 09:25 - 2015-06-16 23:03 - 000789648 _____ (NVIDIA Corporation) C:\Users\Workshop\AppData\Local\Temp\nvStInst.exe
2017-10-18 09:42 - 2017-10-18 09:42 - 001066336 _____ (Microsoft Corporation) C:\Users\Workshop\AppData\Local\Temp\PidGenX.dll
2017-10-11 00:02 - 2017-10-11 00:02 - 000040448 ____N () C:\Users\Workshop\AppData\Local\Temp\proxy_vole2133018809777712560.dll
2017-10-11 00:02 - 2017-10-11 00:02 - 000040448 ____N () C:\Users\Workshop\AppData\Local\Temp\proxy_vole6330713444704043229.dll
2017-10-11 00:03 - 2017-10-11 00:03 - 000040448 ____N () C:\Users\Workshop\AppData\Local\Temp\proxy_vole9051751543553879737.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-02-28 01:03

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-10-2017 01
Ran by Workshop (20-10-2017 07:39:28)
Running from E:\Users\Jaye B\Favorites\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2015-02-17 04:09:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2105914770-4202919322-4210220155-500 - Administrator - Disabled)
Guest (S-1-5-21-2105914770-4202919322-4210220155-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2105914770-4202919322-4210220155-1002 - Limited - Enabled)
Workshop (S-1-5-21-2105914770-4202919322-4210220155-1000 - Administrator - Enabled) => C:\Users\Workshop

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2105914770-4202919322-4210220155-1000\...\uTorrent) (Version: 3.4.5.41801 - BitTorrent Inc.)
6300 (HKLM-x32\...\{BC39DBA4-D1B7-483C-BA0D-9EB0BB0B6DCF}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
6300_Help (HKLM-x32\...\{BDEDBDD9-C97B-4333-B7BE-6979A34F6F74}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
6300Trb (HKLM-x32\...\{17271AB7-D7EC-4a95-9861-FAFE5A4664AD}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (HKLM\...\{55D55008-E5F6-47D6-B16F-B2A40D4D145F}) (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.14 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\{1194343F-ACFE-4AB4-B1C0-C1E913B729BF}_is1) (Version: 3.8.2662 - Microsoft Studios, Tolyak26)
AIO_CDB_ProductContext (HKLM-x32\...\{E7112940-5F8E-4918-B9FE-251F2F8DC81F}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (HKLM-x32\...\{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (HKLM-x32\...\{104066F4-5897-4067-85D3-4C88B67CCF75}) (Version: 130.0.421.000 - Hewlett-Packard) Hidden
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 387.92 - NVIDIA Corporation) Hidden
BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Cheat Engine 6.5.1 (HKLM-x32\...\Cheat Engine 6.5.1_is1) (Version:  - Cheat Engine)
Copy (HKLM-x32\...\{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}) (Version: 130.0.428.000 - Hewlett-Packard) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell System Detect (HKU\S-1-5-21-2105914770-4202919322-4210220155-1000\...\73f463568823ebbe) (Version: 6.7.0.2 - Dell)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{2FF8C687-DB7D-4adc-A5DC-57983EC25046}) (Version: 130.0.465.000 - Hewlett-Packard) Hidden
Discord (HKU\S-1-5-21-2105914770-4202919322-4210220155-1000\...\Discord) (Version: 0.0.298 - Discord Inc.)
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Fax (HKLM-x32\...\{440B915A-0C85-45DB-92AE-75AE14704A64}) (Version: 130.0.418.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{63FF21C9-A810-464F-B60A-3111747B1A6D}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.238 - SurfRight B.V.)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (HKLM-x32\...\{681B698F-C997-42C3-B184-B489C6CA24C9}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (HKLM-x32\...\{D79113E7-274C-470B-BD46-01B10219DF6A}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{C43326F5-F135-4551-8270-7F7ABA0462E1}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
ICQ (version 10.0.12233) (HKU\S-1-5-21-2105914770-4202919322-4210220155-1000\...\icq.desktop) (Version: 10.0.12233 - ICQ)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 18.1 - Intel)
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Jitbit Macro Recorder (HKLM-x32\...\{2D57FB4E-6277-4A6D-8739-304C38051B89}) (Version: 1.0.0 - JitBit)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Kodi (HKU\S-1-5-21-2105914770-4202919322-4210220155-1000\...\Kodi) (Version:  - XBMC-Foundation)
Magestorm (HKLM-x32\...\Magestorm) (Version: 1.3.0.0 - Magestorm)
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
MarketResearch (HKLM-x32\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 56.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 56.0.1 (x64 en-US)) (Version: 56.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.1.6484 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (HKLM\...\{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}) (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Nox APP Player (HKLM-x32\...\Nox) (Version: 5.2.0.0 - Duodian Technology Co. Ltd.)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 387.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 387.92 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 387.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 387.92 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Origin (HKLM-x32\...\Origin) (Version: 10.0.1.31806 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.10 - Panda Security)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5931 - Realtek Semiconductor Corp.)
Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16011.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16011.2 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
Scan (HKLM-x32\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Shark007 Standard Codecs (HKLM-x32\...\{898E81AD-6DB9-4750-866B-B8958C5DC7AA}) (Version: 2.6.0 - Shark007)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Silent 3ditor (v0.9.9) (HKLM-x32\...\{42258A5E-3399-43FE-8169-46336BCB79DA}) (Version: 0.9.9 - skwas)
Skype™ 7.37 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17022.20 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17022.20 - Samsung Electronics Co., Ltd.)
SmartWebPrinting (HKLM-x32\...\{DC635845-46D3-404B-BCB1-FC4A91091AFA}) (Version: 130.0.457.000 - Hewlett-Packard) Hidden
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.80.4.50 - Conexant Systems)
SolutionCenter (HKLM-x32\...\{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Status (HKLM-x32\...\{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}) (Version: 130.0.469.000 - Hewlett-Packard) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-2105914770-4202919322-4210220155-1000\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
Toolbox (HKLM-x32\...\{6BBA26E9-AB03-4FE7-831A-3535584CA002}) (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}) (Version: 130.0.422.000 - Hewlett-Packard) Hidden
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Ultima Mapper Maps Installer version 1.0 (HKLM-x32\...\{EC5E2244-DB33-4A0A-80CF-541AD29D4AD7}_is1) (Version: 1.0 - CyphersTECH Consulting)
Ultima Online 2D Client (HKLM-x32\...\{0F25F02B-854E-49B3-8F68-6D27CE4D477E}) (Version: 5.0.9 - EA Games)
Ultima Online Classic Client (HKLM-x32\...\Ultima Online Classic) (Version:  - Electronic Arts)
Ultima Online Enhanced Client (HKLM-x32\...\Ultima Online Enhanced) (Version:  - Electronic Arts)
UnloadSupport (HKLM-x32\...\{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}) (Version: 11.0.0 - Hewlett-Packard) Hidden
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
UOCartographer 0.9 (HKLM-x32\...\UOCartographer 0.9) (Version:  - UOCartographer.com)
UOS version 1.0.5 (HKLM-x32\...\{FC6804BE-B90F-4C2B-BF21-6A4063C8FD4C}_is1) (Version: 1.0.5 - UOS, Team.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Webcam Video Capture 7.0 (HKLM-x32\...\WVCSetup7.0.0_is1) (Version: 7.0.0 - Webcam Simulator)
WebReg (HKLM-x32\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.132.017 - Hewlett-Packard) Hidden
x64Components v2.6.0 (HKLM\...\Standard x64Components_is1) (Version: 2.6.0 - Shark007)
Xvid MPEG-4 Video Codec (HKLM-x32\...\xvid) (Version:  - Xvid Development Team)
Youtube Downloader HD v. 2.9.9.21 (HKLM-x32\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2105914770-4202919322-4210220155-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2105914770-4202919322-4210220155-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2105914770-4202919322-4210220155-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2105914770-4202919322-4210220155-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2105914770-4202919322-4210220155-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2105914770-4202919322-4210220155-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2105914770-4202919322-4210220155-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> D:\Program Files (x86)\Google\Update\1.3.33.5\psmachine_64.dll (Google Inc.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext64.dll [2010-03-15] ()
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2010-03-15] ()
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext64.dll [2010-03-15] ()
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2010-03-15] ()
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-10-06] (NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext64.dll [2010-03-15] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2010-03-15] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E3E113A-6DE3-4463-8196-4C52A57BE760} - System32\Tasks\{84A7EED4-6428-46FD-9538-734970E41154} => D:\Program Files (x86)\Kodi\kodi.exe [2017-05-24] (XBMC-Foundation)
Task: {16E4BB5D-6C16-4DEF-B44A-A4FDAEE69991} - System32\Tasks\GoogleUpdateTaskMachineCore => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-30] (Google Inc.)
Task: {1F970D3E-9A65-40CB-A993-9217D8CCA160} - System32\Tasks\GoogleUpdateTaskMachineUA1d1a597beb143c2 => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-30] (Google Inc.)
Task: {257FCCBB-75C8-4A9B-931C-334F22B87379} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {2C9A7463-1F75-45A3-B0F2-8958CBC2E241} - System32\Tasks\GoogleUpdateTaskMachineUA => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-30] (Google Inc.)
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {2F85691A-F17A-4B3A-9D2D-2C204318BE80} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {36FFBBB5-3921-4D0C-BAB4-2C84C34B4AEA} - System32\Tasks\GoogleUpdateTaskMachineCore1d1a597bea3d610 => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-30] (Google Inc.)
Task: {370F4EC2-7B76-4E81-9878-21C9E6293BC5} - \AutoPico Daily Restart -> No File <==== ATTENTION
Task: {4C93818A-4AB4-45DC-BA2F-8EB4BCD82B05} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => D:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {4D9548EE-D1E3-4CE1-8A7B-C9469FE5F174} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-10] (NVIDIA Corporation)
Task: {4E04F7E4-5BF9-4D9E-805A-5EE8D98A9145} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => D:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-10] (NVIDIA Corporation)
Task: {564322B8-5F70-4EFB-9217-6BF28F9CD84C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {5AFC3741-6918-491B-AFB7-3A00A30D773A} - no filepath
Task: {6371B95E-F642-41ED-9ED7-4CDF046FA2F9} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {64BE2CAF-765E-4392-9D96-6AAADCDAA69B} - System32\Tasks\{518314D5-B467-4288-A1F8-636D8981136B} => D:\Program Files (x86)\Kodi\kodi.exe [2017-05-24] (XBMC-Foundation)
Task: {78F70B05-340E-4AEF-B211-3B72D098C734} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {7DF7C294-E3BD-43E2-BBA2-55FF2E571548} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => D:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-10] (NVIDIA Corporation)
Task: {8AF0601A-87D9-4620-8671-EB27A1DDE158} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {98BE40CC-9302-496A-B15F-F752B4AB3703} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe
Task: {A6AF9377-77CE-47AB-AD7D-EC32CAD0C82D} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\Windows\System32\LocationNotificationWindows.exe
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B2E7CFAF-AF7A-481D-8577-2B56BD723531} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {C03B33B6-F8CE-431A-AF97-CFF619D1E079} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {D0B16F54-C3CC-480D-8EE5-587964A403EB} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {D749FD04-AB33-4403-9E11-54587007D7CA} - no filepath
Task: {EA9CCEF9-40F8-44B3-9B9C-D925E4A25D1C} - System32\Tasks\{06081E75-20A4-45A1-97E9-AFFA3625D565} => C:\Windows\system32\pcalua.exe -a "D:\Users\Jaye B\Favorites\Downloads\REALTEK_ALC269-HD-AUDIO_VJ0P8_A13_SETUP_ZPE.exe" -d "D:\Users\Jaye B\Favorites\Downloads"
Task: {F384EC5B-EA4C-409B-B1F9-0404A6878EB5} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => D:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {F911E106-6E60-4682-90A7-66BE33856162} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => D:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-10] (NVIDIA Corporation)
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Workshop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ\icq.com.lnk -> hxxp://www.icq.com

ShortcutWithArgument: C:\Users\Workshop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%

==================== Loaded Modules (Whitelisted) ==============

2017-02-23 08:29 - 2017-02-23 08:29 - 008909512 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-03-25 15:12 - 2010-03-15 11:28 - 000052224 _____ () D:\Program Files\WinRAR\rarext64.dll
2017-10-18 09:20 - 2017-10-10 18:06 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-10-01 20:20 - 2017-10-01 20:20 - 000936960 _____ () C:\Users\Workshop\AppData\Local\usoepiz\usoepiz.exe
2017-10-11 15:55 - 2017-10-11 16:05 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-09-29 11:24 - 2017-09-29 11:24 - 001087488 _____ () C:\Users\Workshop\AppData\Local\usoepiz\cgsinoh.exe
2017-08-02 21:40 - 2017-08-02 21:40 - 053460480 _____ () C:\Users\Workshop\AppData\Local\usoepiz\libcef.dll
2016-05-31 11:43 - 2016-05-31 11:43 - 001976832 _____ () C:\Users\Workshop\AppData\Local\usoepiz\libglesv2.dll
2016-05-31 11:44 - 2016-05-31 11:44 - 000075264 _____ () C:\Users\Workshop\AppData\Local\usoepiz\libegl.dll
2016-06-15 17:15 - 2016-06-15 17:15 - 017599640 _____ () C:\Users\Workshop\AppData\Local\usoepiz\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Workshop\Desktop\FMLA.tiff:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Workshop\Desktop\FMLA.tiff:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Workshop\Desktop\James'.jpeg:3or4kl4x13tuuug3Byamue2s4b [91]
AlternateDataStreams: C:\Users\Workshop\Desktop\James'.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Workshop\Desktop\Traffic Collision Report.tiff:3or4kl4x13tuuug3Byamue2s4b [91]
AlternateDataStreams: C:\Users\Workshop\Desktop\Traffic Collision Report.tiff:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Itaampeafe => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2105914770-4202919322-4210220155-1000\...\dell.com -> dell.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2017-10-19 15:54 - 000000053 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2105914770-4202919322-4210220155-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Workshop^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^delmer.lnk => C:\Windows\pss\delmer.lnk.Startup
MSCONFIG\startupreg: GoogleChromeAutoLaunch_AB2C22941BC097AF48F7EF399C790E84 => "D:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: issa => "D:\Program Files (x86)\frieden\issa.exe"
MSCONFIG\startupreg: ouster => "D:\Program Files (x86)\Unopened\sportscaster.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EE2C15E5-98A1-4F84-B742-2875C2118C98}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{93F1EDC4-68A4-42D8-B7E2-28FEBDB18265}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{CD2E6969-BE9A-4896-9FF5-EDBF8EEC9713}D:\users\jaye b\appdata\roaming\utorrent\utorrent.exe] => (Allow) D:\users\jaye b\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{F1A4238D-D4A0-4E8A-9C10-762EF566A643}D:\users\jaye b\appdata\roaming\utorrent\utorrent.exe] => (Allow) D:\users\jaye b\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{D6399700-1C97-4B2F-96DD-CB3728784984}] => (Allow) C:\Users\Workshop\AppData\Local\Temp\7zS5E42\setup\hpznui40.exe
FirewallRules: [{F7E11A88-0B72-435D-99E7-D2B1BD072FC2}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{A61C5014-AEE6-4B90-ADD1-9C541DCB6A79}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{C041173C-EF7F-423A-95E7-6BF22A1D98D1}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{8ACFB105-502C-4BD2-806F-049A29FD4427}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{061BDC95-0578-4CF9-9ED1-928B66F531B4}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{DEE202DC-ADBB-4376-8217-0BE90728B03C}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{17E886BD-F43E-49C2-9B80-6448AE1D8899}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{6DAB9FA4-1815-48A7-8D17-5C6DEFCF77AF}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{64A1135E-1A42-4C9F-B861-EEF3F67F43A0}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{91986B83-04E2-4642-8471-F9DD1DBD6AB2}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{85BDE38E-5D18-407A-91C7-F2EE9D1F16DD}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{5D3AC1EF-66CF-4A1C-85A1-401E1AD42BB6}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{1483EA3D-3314-4080-9405-4AFD7A48BFAA}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{4D50EBE7-77CF-4CF7-8F47-AC02E5227FC2}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{2D1D3DF9-2CE4-4FAD-8E90-4678B16368A3}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{4F36A837-DA98-48A5-93AE-AF32CA519951}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{C0784718-A34D-4F84-84A9-654629B04AF9}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [TCP Query User{C6E764ED-2D6B-40FF-9F5A-FDCFF06B6E8B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{BFB4DDBC-4A0F-49B8-A2E7-FA2D6E960959}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{E9BF9760-52E0-4570-AC2B-ED0A13823498}] => (Allow) D:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [TCP Query User{57788CF8-5B4C-4FD7-976D-8BA057E52D6C}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe
FirewallRules: [UDP Query User{7EE39F9D-7652-4C8A-A4B4-7B69793B05AC}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe
FirewallRules: [TCP Query User{017BE0F2-38FF-423A-B448-E3A679695AE9}C:\users\workshop\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\workshop\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{095AF398-DB46-4881-B927-57B3992486D6}C:\users\workshop\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\workshop\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [{3D391034-0746-441F-BA28-CA6624C3E6D5}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{93AF82C5-8726-40E3-ABF6-9EAD137ED2D6}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{ED257053-F4A8-447F-9856-D8D98C2537EF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{1C33DEA8-FCE1-4ACC-934C-CAADA2854987}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{A60D4783-A61C-4C55-8306-9C3BB24AA369}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\dueagep.EXE
FirewallRules: [{9B017391-8B0D-4E47-BDBC-CA42F0AAC48D}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\dueagep.EXE
FirewallRules: [{664CACC5-BEC4-4E31-9E54-B5D19E2D5B21}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\dueagep.EXE
FirewallRules: [{02F25DC3-1B7E-43E7-BA55-D41150137223}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\dueagep.EXE
FirewallRules: [{74851FA3-B3DB-4C4D-A070-FF40F694C753}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\dueagep.EXE
FirewallRules: [{3E5E55B5-B94B-4F61-8FD2-61A24882DBBE}] => (Allow) D:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{1C6370D5-9496-4AB9-BEBE-E52A79FD4203}D:\program files\kodi\kodi.exe] => (Allow) D:\program files\kodi\kodi.exe
FirewallRules: [UDP Query User{F19752C2-EFF2-47DB-9140-920AC0F7F238}D:\program files\kodi\kodi.exe] => (Allow) D:\program files\kodi\kodi.exe
FirewallRules: [{F69A59C4-19CF-4C59-90AC-EF358FCAC10E}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{9FF662FA-FE39-4EF8-8B47-54C64235D623}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{61F3126B-C748-4086-9258-9C80603CD9C9}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{2445FBE4-4FA0-4FAA-AA62-75B322B8F98E}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{C5BFFDA8-6E01-474D-8A5E-6E4B4CADA486}] => (Allow) D:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{6E239913-5330-436A-A698-7FA9AB3354ED}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{E06746A6-4DA9-4C1A-BAC4-4697279DAE30}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{462BFB14-5246-4B87-9960-77221643AE84}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{C4C6F386-A58A-4FE2-BD78-5CAB338072A5}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{7237DD1F-FE81-4B5A-A69E-0BB9A230297E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{50CDB8DC-0B65-4700-AA69-C82E44704CC6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{BA7DB374-7E55-4F34-BDB1-74910B2462C3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E80D5659-6085-4F81-A54B-1C4267D729B1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{FEF5F58E-99A7-45CD-BE5E-9C3F4ABC01CE}C:\games\electronic arts\ultima online classic\client.exe] => (Allow) C:\games\electronic arts\ultima online classic\client.exe
FirewallRules: [UDP Query User{40226D87-7017-41CC-A50D-683184FD1EC1}C:\games\electronic arts\ultima online classic\client.exe] => (Allow) C:\games\electronic arts\ultima online classic\client.exe
FirewallRules: [TCP Query User{7CD7E08C-268A-425C-83CA-859A9144CE59}C:\games\electronic arts\ultima online classic\client - copy.exe] => (Allow) C:\games\electronic arts\ultima online classic\client - copy.exe
FirewallRules: [UDP Query User{2C048787-4312-4F3B-908A-EFC3D117C49E}C:\games\electronic arts\ultima online classic\client - copy.exe] => (Allow) C:\games\electronic arts\ultima online classic\client - copy.exe
FirewallRules: [TCP Query User{F1284992-A821-4E11-B0E4-F559AC8E7A71}C:\users\workshop\desktop\uoam\uoam.exe] => (Block) C:\users\workshop\desktop\uoam\uoam.exe
FirewallRules: [UDP Query User{D0521BDB-C017-4CAF-9F9C-62EE0542468A}C:\users\workshop\desktop\uoam\uoam.exe] => (Block) C:\users\workshop\desktop\uoam\uoam.exe
FirewallRules: [{DC847766-B9D6-4F57-A64D-6585B5B95B5B}] => (Allow) C:\Users\Workshop\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3046B0F5-716B-4439-9841-64C5A8ECA5B5}] => (Allow) C:\Users\Workshop\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D68EFE35-DCD9-4C84-9834-F44807A03D26}] => (Allow) C:\Users\Workshop\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0B63DFDF-77C6-45BA-BA2F-2E0EE084C645}] => (Allow) C:\Users\Workshop\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D6545FA9-63C7-43A2-92FD-AC9F097B1FD4}] => (Allow) C:\Users\Workshop\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{841CDB29-0C83-46F4-968D-CD4E40FB5CC8}] => (Allow) C:\Users\Workshop\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{34D9826C-CA4C-4566-B1FD-4EBCB4325D36}C:\users\workshop\appdata\roaming\icqm\icq.exe] => (Allow) C:\users\workshop\appdata\roaming\icqm\icq.exe
FirewallRules: [UDP Query User{A315F544-1A49-428A-A075-3C05522E660B}C:\users\workshop\appdata\roaming\icqm\icq.exe] => (Allow) C:\users\workshop\appdata\roaming\icqm\icq.exe
FirewallRules: [{C2CAD8E4-3576-48CC-9F04-02B621465631}] => (Allow) LPort=1688
FirewallRules: [{4300E105-C2BD-400E-A99B-FDA48C8B2A1F}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{FEE56585-9664-4427-B0A7-A142C6B8A8C7}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{4C3C141A-B314-45BA-85C6-C4022DF14912}] => (Allow) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{C41D2CBB-244E-4F59-A292-15F43AE770EE}C:\games\electronic arts\ultima online enhanced\uosa.exe] => (Allow) C:\games\electronic arts\ultima online enhanced\uosa.exe
FirewallRules: [UDP Query User{862D7D47-6E66-45D4-AB8F-1001B369AC68}C:\games\electronic arts\ultima online enhanced\uosa.exe] => (Allow) C:\games\electronic arts\ultima online enhanced\uosa.exe
FirewallRules: [TCP Query User{FC0E1638-BFB8-4938-AEC2-9A93FD3E7091}D:\program files (x86)\kodi\kodi.exe] => (Allow) D:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{47BC19B7-3BE1-4AB6-B440-81DF5459734D}D:\program files (x86)\kodi\kodi.exe] => (Allow) D:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{087E9E22-5E46-4F0E-9442-FFDDFC4E64EC}D:\program files (x86)\google\chrome\application\chrome334.exe] => (Block) D:\program files (x86)\google\chrome\application\chrome334.exe
FirewallRules: [UDP Query User{1F5446A1-E27E-49B2-A51F-137688E5B87E}D:\program files (x86)\google\chrome\application\chrome334.exe] => (Block) D:\program files (x86)\google\chrome\application\chrome334.exe
FirewallRules: [TCP Query User{2C124B8D-6907-4B52-AFE0-A38FCD2F1C56}C:\users\workshop\desktop\uo stealth\stealth.exe] => (Allow) C:\users\workshop\desktop\uo stealth\stealth.exe
FirewallRules: [UDP Query User{8789D2B4-DE9B-421B-AFE8-49EF58B64049}C:\users\workshop\desktop\uo stealth\stealth.exe] => (Allow) C:\users\workshop\desktop\uo stealth\stealth.exe
FirewallRules: [{4B680C92-6414-4118-B390-26FBE157AE38}] => (Allow) D:\Program Files (x86)\Nox\bin\Nox.exe
FirewallRules: [{CE2C274A-8411-4778-9613-B6973E5CF03C}] => (Allow) D:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe
FirewallRules: [{45D589DC-ABF5-4ECA-82C1-8FB224B1B6CD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{03864624-F00D-4B56-801A-A996E6BDB1E8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{4D783BB5-8468-4C61-AAA9-7A2F3682DC2D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{AD79F09D-C494-43A3-B758-1B003AA2E33F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{FEC6A8B1-EB52-4E9E-8C5A-38651373CC8F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AB400FDB-7EAA-49F4-95F2-01BCECAE4CDB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{87DA73B3-6DE3-4C01-86E9-78CA66F4E944}] => (Allow) D:\Program Files (x86)\Unopened\sportscaster.exe
FirewallRules: [{A36F5AA3-E2AE-4BE6-BE70-DA3DF61B272B}] => (Allow) D:\Program Files (x86)\Lars\sportscaster.exe

==================== Restore Points =========================

11-10-2017 00:12:48 Windows Update
19-10-2017 15:56:06 Checkpoint by HitmanPro
19-10-2017 22:58:58 Installed Sophos Virus Removal Tool.

==================== Faulty Device Manager Devices =============

Name: Officejet 6300 series
Description: Officejet 6300 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/20/2017 07:09:26 AM) (Source: Wininit) (EventID: 1015) (User: )
Description: A critical system process, C:\Windows\system32\lsass.exe, failed with status code 1.  The machine must now be restarted.

Error: (10/19/2017 03:56:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Quoteex since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (10/19/2017 03:56:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Background Logic Handler since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (10/19/2017 03:56:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Application Experience Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (10/19/2017 03:00:39 PM) (Source: Office Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-11-18T21:54:39Z. Error Code: 0x80041321.

Error: (10/19/2017 02:58:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cgsinoh.exe, version: 1.0.1.5, time stamp: 0x59cdbcd5
Faulting module name: pepflashplayer.dll, version: 22.0.0.192, time stamp: 0x575f29cf
Exception code: 0x40000015
Fault offset: 0x00834f52
Faulting process id: 0x1324
Faulting application start time: 0x01d34924e8e5f51d
Faulting application path: C:\Users\Workshop\AppData\Local\usoepiz\cgsinoh.exe
Faulting module path: C:\Users\Workshop\AppData\Local\usoepiz\pepflashplayer.dll
Report Id: 9a616026-b518-11e7-9c4a-782bcba3edd2

Error: (10/18/2017 07:09:25 PM) (Source: Office Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-11-18T02:03:25Z. Error Code: 0x80041321.

Error: (10/18/2017 08:20:49 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: Event-ID 2001

Error: (10/18/2017 08:20:49 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: Event-ID 2001

Error: (10/18/2017 08:20:49 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: Event-ID 2001


System errors:
=============
Error: (10/20/2017 07:21:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMSwissArmy service failed to start due to the following error:
The system cannot find the file specified.

Error: (10/20/2017 07:20:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMSwissArmy service failed to start due to the following error:
The system cannot find the file specified.

Error: (10/20/2017 07:20:23 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
MBAMSwissArmy

Error: (10/20/2017 07:20:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (10/20/2017 07:20:22 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (10/20/2017 07:19:50 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942402.

Error: (10/20/2017 07:19:50 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942402.

Error: (10/20/2017 07:17:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMSwissArmy service failed to start due to the following error:
The system cannot find the file specified.

Error: (10/20/2017 07:14:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMSwissArmy service failed to start due to the following error:
The system cannot find the file specified.

Error: (10/20/2017 07:12:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMSwissArmy service failed to start due to the following error:
The system cannot find the file specified.


CodeIntegrity:
===================================
  Date: 2016-08-03 15:45:59.110
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-08-03 15:45:59.063
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-08-03 15:45:59.016
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-08-03 15:45:58.954
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-02 19:42:00.810
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-02 19:42:00.747
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-10-26 19:21:59.009
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-01 19:05:11.331
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22923_none_59d135b62990188b\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-01 19:05:11.175
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22923_none_59d135b62990188b\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-01 19:05:11.019
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22923_none_59d135b62990188b\appid.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 20%
Total physical RAM: 16341.05 MB
Available physical RAM: 12961.75 MB
Total Virtual: 19805.23 MB
Available Virtual: 15850.07 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.57 GB) (Free:68.42 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (HP) (Fixed) (Total:290.41 GB) (Free:10.62 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (New Volume) (Fixed) (Total:1863.01 GB) (Free:1599.72 GB) NTFS
Drive f: (Recovery) (Fixed) (Total:7.68 GB) (Free:0.87 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive h: () (Removable) (Total:29.71 GB) (Free:7.19 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 0099E65E)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=290.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=7.7 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 6D6A5291)
Partition 1: (Active) - (Size=223.6 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 29.7 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

 


 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:36 AM

Posted 20 October 2017 - 10:52 AM

Hi itsnotyouitsme :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate it if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate it if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the mbar-log-DATE-(TIME).txt log that is located in the MBAR folder here after.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 itsnotyouitsme


Posted 20 October 2017 - 11:00 AM

Hi Aura,

 

Thank you for your assistance. I have downloaded the linked version of MBAR. When I double-click the file and run as administrator, the file begins to execute and immediately closes.


Edited by itsnotyouitsme, 20 October 2017 - 11:04 AM.


#4 Aura


Posted 20 October 2017 - 11:26 AM

Do you have a folder called "mbar" on your desktop afterwards, or not?



#5 itsnotyouitsme


Posted 20 October 2017 - 11:42 AM

Yes, I do.

 

Update:

 

I was able to finally get into recovery and run C:\mbstart.cmd

 

Malwarebytes Anti-Rootkit BETA 1.10.2.1001
www.malwarebytes.org

Database version:
  main:    v2017.10.20.07
  rootkit: v2017.10.14.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18816
Workshop :: WORKSHOP-PC [administrator]

10/20/2017 10:16:39 AM
mbar-log-2017-10-20 (10-16-39).txt

Scan type:
Scan options enabled: Anti-Rootkit | Drivers | MBR
Scan options disabled: Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Objects scanned: 331
Time elapsed: 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\WINDOWS\SYSTEM32\drivers\upkfimps.sys (Rootkit.Agent.PUA) -> Delete on reboot. [05201d5e177d83341ad700a50171f6e5]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 


Edited by itsnotyouitsme, 20 October 2017 - 12:20 PM.


#6 Aura


Posted 21 October 2017 - 09:23 AM

Awesome! Now you should be able to install and run a scan with Malwarebytes.

Malwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run, the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply



#7 itsnotyouitsme


Posted 21 October 2017 - 10:33 AM

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 10/21/17
Scan Time: 8:30 AM
Log File: c707c282-b674-11e7-893f-782bcba3edd2.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.212
Update Package Version: 1.0.3061
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Workshop-PC\Workshop

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 354339
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 1 min, 4 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)


Edited by itsnotyouitsme, 21 October 2017 - 10:33 AM.


#8 Aura


Posted 21 October 2017 - 11:09 AM

Good. Now let's do a sweep with RogueKiller and AdwCleaner.

RogueKiller
  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
Your next reply(ies) should therefore contain:
  • Copy/pasted RogueKiller clean log
  • Copy/pasted AdwCleaner clean log



#9 itsnotyouitsme


Posted 21 October 2017 - 11:46 AM

RogueKiller V12.11.20.0 (x64) [Oct 16 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Workshop [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 10/21/2017 09:18:11 (Duration : 00:16:58)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 73 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\AppId_Catalog\0055E865 | AppFullPath : C:\ProgramData\boostwebapp\1.1.0.31\Itaampeafe.exe [x] -> Deleted
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\AppId_Catalog\0055E865 | AppFullPath : C:\ProgramData\boostwebapp\1.1.0.31\Itaampeafe.exe [x] -> ERROR [2]
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\WinSock2\Parameters\AppId_Catalog\0055E865 | AppFullPath : C:\ProgramData\boostwebapp\1.1.0.31\Itaampeafe.exe [x] -> Deleted
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\WinSock2\Parameters\AppId_Catalog\0055E865 | AppFullPath : C:\ProgramData\boostwebapp\1.1.0.31\Itaampeafe.exe [x] -> ERROR [2]
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\WinSock2\Parameters\AppId_Catalog\0055E865 | AppFullPath : C:\ProgramData\boostwebapp\1.1.0.31\Itaampeafe.exe [x] -> Deleted
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\WinSock2\Parameters\AppId_Catalog\0055E865 | AppFullPath : C:\ProgramData\boostwebapp\1.1.0.31\Itaampeafe.exe [x] -> ERROR [2]
[PUP.Gen1] (X64) HKEY_USERS\RK_Jaye B_ON_D_7575\Software\AceStream -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_Jaye B_ON_D_7575\Software\AceStream -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_Jaye B_ON_D_7575\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_Jaye B_ON_D_7575\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream -> Deleted
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2105914770-4202919322-4210220155-1000\SOFTWARE\Microsoft\Internet Explorer\Extensions\{086C8477-4F71-4550-87FB-AF0AE8DF3E98} | Exec : C:\Users\Workshop\AppData\Roaming\ICQM\icq.exe [x] -> Deleted
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2105914770-4202919322-4210220155-1000\SOFTWARE\Microsoft\Internet Explorer\Extensions\{086C8477-4F71-4550-87FB-AF0AE8DF3E98} | Exec : C:\Users\Workshop\AppData\Roaming\ICQM\icq.exe [x] -> ERROR [2]
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) :   -> Deleted
[Keylog.Gen0] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_5143\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2474817D-4840-47C5-BA02-78357FECBB8F} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Windows\system32\MPK\mpk.exe|Name=TCP\IP| [x] -> Deleted
[Keylog.Gen0] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_5143\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6E8D8D48-E2BD-4E44-9013-8C0966251F1B} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Windows\system32\MPK\mpkview.exe|Name=TCP\IP| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_5143\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8C1E693E-F656-4B35-B3ED-AC7378285FE7} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\Jaye B\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (TCP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_5143\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {06C8D6E5-9FC1-4D42-BF8A-E80BDAC0782A} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\Jaye B\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (UDP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_5143\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E324D98F-CDA2-47E3-941F-3767E624EBCE} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\Jaye B\AppData\Roaming\uTorrent\uTorrent.exe|Name=?Torrent (TCP-In)|Desc=Allow ?Torrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_5143\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E84E682A-C46D-43B9-ABE5-25D8195C4C69} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\Jaye B\AppData\Roaming\uTorrent\uTorrent.exe|Name=?Torrent (UDP-In)|Desc=Allow ?Torrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_5143\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{48EF37E4-7413-4ED4-9592-6F6BC23BE748}C:\users\jaye b\appdata\roaming\acestream\engine\ace_engine.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\jaye b\appdata\roaming\acestream\engine\ace_engine.exe|Name=ace_engine.exe|Desc=ace_engine.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_5143\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{D1179435-2796-410A-A846-FC56C9E298DB}C:\users\jaye b\appdata\roaming\acestream\engine\ace_engine.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\jaye b\appdata\roaming\acestream\engine\ace_engine.exe|Name=ace_engine.exe|Desc=ace_engine.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_5143\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{E01CC520-0E16-4C53-865C-19DBBEBE0175}C:\users\jaye b\appdata\roaming\acestream\engine\ace_engine.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\jaye b\appdata\roaming\acestream\engine\ace_engine.exe|Name=ace_engine.exe|Desc=ace_engine.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_5143\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{E2DAA97A-FA4F-427A-AC8F-64D0758C0FAD}C:\users\jaye b\appdata\roaming\acestream\engine\ace_engine.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\jaye b\appdata\roaming\acestream\engine\ace_engine.exe|Name=ace_engine.exe|Desc=ace_engine.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_5143\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0158A95C-F3EA-4A8D-B116-FFAF8562DEDD} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Jaye B\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe|Name=Facebook Video Calling Plugin|Edge=TRUE| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{CD2E6969-BE9A-4896-9FF5-EDBF8EEC9713}D:\users\jaye b\appdata\roaming\utorrent\utorrent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=D:\users\jaye b\appdata\roaming\utorrent\utorrent.exe|Name=utorrent.exe|Desc=utorrent.exe|Edge=TRUE|Defer=App| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{F1A4238D-D4A0-4E8A-9C10-762EF566A643}D:\users\jaye b\appdata\roaming\utorrent\utorrent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=D:\users\jaye b\appdata\roaming\utorrent\utorrent.exe|Name=utorrent.exe|Desc=utorrent.exe|Edge=TRUE|Defer=App| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D6399700-1C97-4B2F-96DD-CB3728784984} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Workshop\AppData\Local\Temp\7zS5E42\setup\hpznui40.exe|Name=hpznui40.exe|Desc=C:\Users\Workshop\AppData\Local\Temp\7zS5E42\setup\hpznui40.exe| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A60D4783-A61C-4C55-8306-9C3BB24AA369} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\boostwebapp\1.1.0.31\dueagep.EXE|Name=xekhikzyc| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9B017391-8B0D-4E47-BDBC-CA42F0AAC48D} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=C:\ProgramData\boostwebapp\1.1.0.31\dueagep.EXE|Name=xekhikzyc| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {664CACC5-BEC4-4E31-9E54-B5D19E2D5B21} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|App=C:\ProgramData\boostwebapp\1.1.0.31\dueagep.EXE|Name=xekhikzyc| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {02F25DC3-1B7E-43E7-BA55-D41150137223} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\boostwebapp\1.1.0.31\dueagep.EXE|Name=xekhikzyc| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {74851FA3-B3DB-4C4D-A070-FF40F694C753} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\boostwebapp\1.1.0.31\dueagep.EXE|Name=xekhikzyc| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{34D9826C-CA4C-4566-B1FD-4EBCB4325D36}C:\users\workshop\appdata\roaming\icqm\icq.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\workshop\appdata\roaming\icqm\icq.exe|Name=icq.exe|Desc=icq.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{A315F544-1A49-428A-A075-3C05522E660B}C:\users\workshop\appdata\roaming\icqm\icq.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\workshop\appdata\roaming\icqm\icq.exe|Name=icq.exe|Desc=icq.exe|Defer=User| [x] -> Deleted
[PUP.HackTool] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4300E105-C2BD-400E-A99B-FDA48C8B2A1F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\KMSpico\Service_KMS.exe|Name=KMS Emulator: Service_KMS.exe| [x] -> Deleted
[PUP.HackTool] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {FEE56585-9664-4427-B0A7-A142C6B8A8C7} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\KMSpico\Service_KMS.exe|Name=KMS Emulator: Service_KMS.exe| [x] -> Deleted
[Keylog.Gen0] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_5143\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2474817D-4840-47C5-BA02-78357FECBB8F} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Windows\system32\MPK\mpk.exe|Name=TCP\IP| [x] -> Deleted
[Keylog.Gen0] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_5143\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6E8D8D48-E2BD-4E44-9013-8C0966251F1B} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Windows\system32\MPK\mpkview.exe|Name=TCP\IP| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_5143\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8C1E693E-F656-4B35-B3ED-AC7378285FE7} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\Jaye B\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (TCP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_5143\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {06C8D6E5-9FC1-4D42-BF8A-E80BDAC0782A} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\Jaye B\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (UDP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_5143\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E324D98F-CDA2-47E3-941F-3767E624EBCE} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\Jaye B\AppData\Roaming\uTorrent\uTorrent.exe|Name=?Torrent (TCP-In)|Desc=Allow ?Torrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_5143\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E84E682A-C46D-43B9-ABE5-25D8195C4C69} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\Jaye B\AppData\Roaming\uTorrent\uTorrent.exe|Name=?Torrent (UDP-In)|Desc=Allow ?Torrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_5143\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{48EF37E4-7413-4ED4-9592-6F6BC23BE748}C:\users\jaye b\appdata\roaming\acestream\engine\ace_engine.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\jaye b\appdata\roaming\acestream\engine\ace_engine.exe|Name=ace_engine.exe|Desc=ace_engine.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_5143\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{D1179435-2796-410A-A846-FC56C9E298DB}C:\users\jaye b\appdata\roaming\acestream\engine\ace_engine.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\jaye b\appdata\roaming\acestream\engine\ace_engine.exe|Name=ace_engine.exe|Desc=ace_engine.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_5143\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{E01CC520-0E16-4C53-865C-19DBBEBE0175}C:\users\jaye b\appdata\roaming\acestream\engine\ace_engine.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\jaye b\appdata\roaming\acestream\engine\ace_engine.exe|Name=ace_engine.exe|Desc=ace_engine.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_5143\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{E2DAA97A-FA4F-427A-AC8F-64D0758C0FAD}C:\users\jaye b\appdata\roaming\acestream\engine\ace_engine.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\jaye b\appdata\roaming\acestream\engine\ace_engine.exe|Name=ace_engine.exe|Desc=ace_engine.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_5143\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0158A95C-F3EA-4A8D-B116-FFAF8562DEDD} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Jaye B\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe|Name=Facebook Video Calling Plugin|Edge=TRUE| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{CD2E6969-BE9A-4896-9FF5-EDBF8EEC9713}D:\users\jaye b\appdata\roaming\utorrent\utorrent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=D:\users\jaye b\appdata\roaming\utorrent\utorrent.exe|Name=utorrent.exe|Desc=utorrent.exe|Edge=TRUE|Defer=App| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{F1A4238D-D4A0-4E8A-9C10-762EF566A643}D:\users\jaye b\appdata\roaming\utorrent\utorrent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=D:\users\jaye b\appdata\roaming\utorrent\utorrent.exe|Name=utorrent.exe|Desc=utorrent.exe|Edge=TRUE|Defer=App| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D6399700-1C97-4B2F-96DD-CB3728784984} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Workshop\AppData\Local\Temp\7zS5E42\setup\hpznui40.exe|Name=hpznui40.exe|Desc=C:\Users\Workshop\AppData\Local\Temp\7zS5E42\setup\hpznui40.exe| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A60D4783-A61C-4C55-8306-9C3BB24AA369} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\boostwebapp\1.1.0.31\dueagep.EXE|Name=xekhikzyc| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9B017391-8B0D-4E47-BDBC-CA42F0AAC48D} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=C:\ProgramData\boostwebapp\1.1.0.31\dueagep.EXE|Name=xekhikzyc| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {664CACC5-BEC4-4E31-9E54-B5D19E2D5B21} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|App=C:\ProgramData\boostwebapp\1.1.0.31\dueagep.EXE|Name=xekhikzyc| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {02F25DC3-1B7E-43E7-BA55-D41150137223} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\boostwebapp\1.1.0.31\dueagep.EXE|Name=xekhikzyc| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {74851FA3-B3DB-4C4D-A070-FF40F694C753} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\boostwebapp\1.1.0.31\dueagep.EXE|Name=xekhikzyc| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{34D9826C-CA4C-4566-B1FD-4EBCB4325D36}C:\users\workshop\appdata\roaming\icqm\icq.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\workshop\appdata\roaming\icqm\icq.exe|Name=icq.exe|Desc=icq.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{A315F544-1A49-428A-A075-3C05522E660B}C:\users\workshop\appdata\roaming\icqm\icq.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\workshop\appdata\roaming\icqm\icq.exe|Name=icq.exe|Desc=icq.exe|Defer=User| [x] -> Deleted
[PUP.HackTool] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4300E105-C2BD-400E-A99B-FDA48C8B2A1F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\KMSpico\Service_KMS.exe|Name=KMS Emulator: Service_KMS.exe| [x] -> Deleted
[PUP.HackTool] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {FEE56585-9664-4427-B0A7-A142C6B8A8C7} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\KMSpico\Service_KMS.exe|Name=KMS Emulator: Service_KMS.exe| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{CD2E6969-BE9A-4896-9FF5-EDBF8EEC9713}D:\users\jaye b\appdata\roaming\utorrent\utorrent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=D:\users\jaye b\appdata\roaming\utorrent\utorrent.exe|Name=utorrent.exe|Desc=utorrent.exe|Edge=TRUE|Defer=App| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{F1A4238D-D4A0-4E8A-9C10-762EF566A643}D:\users\jaye b\appdata\roaming\utorrent\utorrent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=D:\users\jaye b\appdata\roaming\utorrent\utorrent.exe|Name=utorrent.exe|Desc=utorrent.exe|Edge=TRUE|Defer=App| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D6399700-1C97-4B2F-96DD-CB3728784984} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Workshop\AppData\Local\Temp\7zS5E42\setup\hpznui40.exe|Name=hpznui40.exe|Desc=C:\Users\Workshop\AppData\Local\Temp\7zS5E42\setup\hpznui40.exe| [x] -> Deleted
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{017BE0F2-38FF-423A-B448-E3A679695AE9}C:\users\workshop\appdata\roaming\acestream\engine\ace_engine.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\workshop\appdata\roaming\acestream\engine\ace_engine.exe|Name=ace_engine.exe|Desc=ace_engine.exe|Defer=User| [x] -> Deleted
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{095AF398-DB46-4881-B927-57B3992486D6}C:\users\workshop\appdata\roaming\acestream\engine\ace_engine.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\workshop\appdata\roaming\acestream\engine\ace_engine.exe|Name=ace_engine.exe|Desc=ace_engine.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A60D4783-A61C-4C55-8306-9C3BB24AA369} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\boostwebapp\1.1.0.31\dueagep.EXE|Name=xekhikzyc| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9B017391-8B0D-4E47-BDBC-CA42F0AAC48D} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=C:\ProgramData\boostwebapp\1.1.0.31\dueagep.EXE|Name=xekhikzyc| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {664CACC5-BEC4-4E31-9E54-B5D19E2D5B21} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|App=C:\ProgramData\boostwebapp\1.1.0.31\dueagep.EXE|Name=xekhikzyc| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {02F25DC3-1B7E-43E7-BA55-D41150137223} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\boostwebapp\1.1.0.31\dueagep.EXE|Name=xekhikzyc| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {74851FA3-B3DB-4C4D-A070-FF40F694C753} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\boostwebapp\1.1.0.31\dueagep.EXE|Name=xekhikzyc| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{34D9826C-CA4C-4566-B1FD-4EBCB4325D36}C:\users\workshop\appdata\roaming\icqm\icq.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\workshop\appdata\roaming\icqm\icq.exe|Name=icq.exe|Desc=icq.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{A315F544-1A49-428A-A075-3C05522E660B}C:\users\workshop\appdata\roaming\icqm\icq.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\workshop\appdata\roaming\icqm\icq.exe|Name=icq.exe|Desc=icq.exe|Defer=User| [x] -> Deleted
[PUP.HackTool] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4300E105-C2BD-400E-A99B-FDA48C8B2A1F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\KMSpico\Service_KMS.exe|Name=KMS Emulator: Service_KMS.exe| [x] -> Deleted
[PUP.HackTool] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {FEE56585-9664-4427-B0A7-A142C6B8A8C7} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\KMSpico\Service_KMS.exe|Name=KMS Emulator: Service_KMS.exe| [x] -> Deleted

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 7 ¤¤¤
[PUP.HackTool][Folder] C:\Windows\AutoKMS -> Deleted
[PUP.HackTool][File] C:\Windows\AutoKMS\AutoKMS.log -> Deleted
[PUP.uTorrentAds][File] C:\Users\Workshop\AppData\Roaming\uTorrent\updates\3.4.5_41801\utorrentie.exe -> Deleted
[PUP.HackTool][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico -> Deleted
[PUP.HackTool][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\Log KMSpico.lnk -> Deleted
[PUP.HackTool][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\Uninstall KMSpico.lnk -> Deleted
[PUP.AutoIt.Gen][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shark007 Codecs\Settings Application 32bit.lnk [LNK@] D:\PROGRA~3\Shark007\Standard\Tools\SETTIN~1.EXE -> Deleted
[PUP.AutoIt.Gen][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shark007 Codecs\Uninstall 32bit Standard.lnk [LNK@] D:\PROGRA~3\Shark007\Standard\Tools\SETTIN~1.EXE -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\installAll.cmd -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Access\AccessVLReg32.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Access\AccessVLReg64.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Access\AccessVLRegWOW.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Access\Access_KMS_Client.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Access\Access_KMS_Client.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Access\Access_KMS_Client.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Access\Access_KMS_Client.RAC_Priv.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Access\Access_KMS_Client.RAC_Pub.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Access\Access_MAK.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Access\Access_MAK.PHN.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Access\Access_MAK.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Access\Access_MAK.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2010\Access -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Excel\ExcelVLReg32.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Excel\ExcelVLReg64.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Excel\ExcelVLRegWOW.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Excel\Excel_KMS_Client.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Excel\Excel_KMS_Client.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Excel\Excel_KMS_Client.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Excel\Excel_KMS_Client.RAC_Priv.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Excel\Excel_KMS_Client.RAC_Pub.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Excel\Excel_MAK.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Excel\Excel_MAK.PHN.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Excel\Excel_MAK.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Excel\Excel_MAK.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2010\Excel -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Groove\GrooveVLReg32.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Groove\GrooveVLReg64.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Groove\GrooveVLRegWOW.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Groove\Groove_KMS_Client.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Groove\Groove_KMS_Client.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Groove\Groove_KMS_Client.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Groove\Groove_KMS_Client.RAC_Priv.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Groove\Groove_KMS_Client.RAC_Pub.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Groove\Groove_MAK.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Groove\Groove_MAK.PHN.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Groove\Groove_MAK.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Groove\Groove_MAK.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2010\Groove -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath\InfoPathVLReg32.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath\InfoPathVLReg64.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath\InfoPathVLRegWOW.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath\InfoPath_KMS_Client.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath\InfoPath_KMS_Client.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath\InfoPath_KMS_Client.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath\InfoPath_KMS_Client.RAC_Priv.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath\InfoPath_KMS_Client.RAC_Pub.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath\InfoPath_MAK.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath\InfoPath_MAK.PHN.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath\InfoPath_MAK.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath\InfoPath_MAK.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2010\InfoPath -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\OneNote\OneNoteVLReg32.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\OneNote\OneNoteVLReg64.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\OneNote\OneNoteVLRegWOW.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\OneNote\OneNote_KMS_Client.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\OneNote\OneNote_KMS_Client.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\OneNote\OneNote_KMS_Client.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\OneNote\OneNote_KMS_Client.RAC_Priv.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\OneNote\OneNote_KMS_Client.RAC_Pub.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\OneNote\OneNote_MAK.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\OneNote\OneNote_MAK.PHN.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\OneNote\OneNote_MAK.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\OneNote\OneNote_MAK.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2010\OneNote -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Outlook\OutlookVLReg32.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Outlook\OutlookVLReg64.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Outlook\OutlookVLRegWOW.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Outlook\Outlook_KMS_Client.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Outlook\Outlook_KMS_Client.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Outlook\Outlook_KMS_Client.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Outlook\Outlook_KMS_Client.RAC_Priv.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Outlook\Outlook_KMS_Client.RAC_Pub.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Outlook\Outlook_MAK.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Outlook\Outlook_MAK.PHN.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Outlook\Outlook_MAK.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Outlook\Outlook_MAK.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2010\Outlook -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\PowerPoint\PowerPointVLReg32.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\PowerPoint\PowerPointVLReg64.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\PowerPoint\PowerPointVLRegWOW.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\PowerPoint\PowerPoint_KMS_Client.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\PowerPoint\PowerPoint_KMS_Client.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\PowerPoint\PowerPoint_KMS_Client.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\PowerPoint\PowerPoint_KMS_Client.RAC_Priv.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\PowerPoint\PowerPoint_KMS_Client.RAC_Pub.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\PowerPoint\PowerPoint_MAK.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\PowerPoint\PowerPoint_MAK.PHN.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\PowerPoint\PowerPoint_MAK.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\PowerPoint\PowerPoint_MAK.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2010\PowerPoint -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectPro\ProjectProVLReg32.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectPro\ProjectProVLReg64.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectPro\ProjectProVLRegWOW.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectPro\ProjectPro_KMS_Client.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectPro\ProjectPro_KMS_Client.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectPro\ProjectPro_KMS_Client.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectPro\ProjectPro_KMS_Client.RAC_Priv.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectPro\ProjectPro_KMS_Client.RAC_Pub.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectPro\ProjectPro_MAK.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectPro\ProjectPro_MAK.PHN.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectPro\ProjectPro_MAK.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectPro\ProjectPro_MAK.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2010\ProjectPro -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectStd\ProjectStdVLReg32.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectStd\ProjectStdVLReg64.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectStd\ProjectStdVLRegWOW.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectStd\ProjectStd_KMS_Client.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectStd\ProjectStd_KMS_Client.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectStd\ProjectStd_KMS_Client.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectStd\ProjectStd_KMS_Client.RAC_Priv.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectStd\ProjectStd_KMS_Client.RAC_Pub.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectStd\ProjectStd_MAK.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectStd\ProjectStd_MAK.PHN.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectStd\ProjectStd_MAK.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectStd\ProjectStd_MAK.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectStd\ProjectStd_MAK2.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectStd\ProjectStd_MAK2.PHN.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectStd\ProjectStd_MAK2.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProjectStd\ProjectStd_MAK2.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2010\ProjectStd -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProPlus\ProPlusAcad_MAK.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProPlus\ProPlusAcad_MAK.PHN.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProPlus\ProPlusAcad_MAK.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProPlus\ProPlusAcad_MAK.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProPlus\ProPlusVLReg32.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProPlus\ProPlusVLReg64.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProPlus\ProPlusVLRegWOW.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProPlus\ProPlus_KMS_Client.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProPlus\ProPlus_KMS_Client.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProPlus\ProPlus_KMS_Client.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProPlus\ProPlus_KMS_Client.RAC_Priv.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProPlus\ProPlus_KMS_Client.RAC_Pub.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProPlus\ProPlus_MAK.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProPlus\ProPlus_MAK.PHN.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProPlus\ProPlus_MAK.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\ProPlus\ProPlus_MAK.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2010\ProPlus -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Publisher\PublisherVLReg32.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Publisher\PublisherVLReg64.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Publisher\PublisherVLRegWOW.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Publisher\Publisher_KMS_Client.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Publisher\Publisher_KMS_Client.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Publisher\Publisher_KMS_Client.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Publisher\Publisher_KMS_Client.RAC_Priv.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Publisher\Publisher_KMS_Client.RAC_Pub.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Publisher\Publisher_MAK.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Publisher\Publisher_MAK.PHN.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Publisher\Publisher_MAK.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Publisher\Publisher_MAK.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2010\Publisher -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\SmallBusBasics\SmallBusBasicsVLReg32.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\SmallBusBasics\SmallBusBasicsVLReg64.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\SmallBusBasics\SmallBusBasicsVLRegWOW.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\SmallBusBasics\SmallBusBasics_KMS_Client.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\SmallBusBasics\SmallBusBasics_KMS_Client.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\SmallBusBasics\SmallBusBasics_KMS_Client.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\SmallBusBasics\SmallBusBasics_KMS_Client.RAC_Priv.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\SmallBusBasics\SmallBusBasics_KMS_Client.RAC_Pub.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\SmallBusBasics\SmallBusBasics_MAK.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\SmallBusBasics\SmallBusBasics_MAK.PHN.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\SmallBusBasics\SmallBusBasics_MAK.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\SmallBusBasics\SmallBusBasics_MAK.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2010\SmallBusBasics -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Standard\StandardAcad_MAK.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Standard\StandardAcad_MAK.PHN.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Standard\StandardAcad_MAK.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Standard\StandardAcad_MAK.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Standard\StandardVLReg32.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Standard\StandardVLReg64.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Standard\StandardVLRegWOW.reg -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Standard\Standard_KMS_Client.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Standard\Standard_KMS_Client.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Standard\Standard_KMS_Client.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Standard\Standard_KMS_Client.RAC_Priv.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Standard\Standard_KMS_Client.RAC_Pub.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Standard\Standard_MAK.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Standard\Standard_MAK.PHN.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Standard\Standard_MAK.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Standard\Standard_MAK.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\cert\kmscert2010\Standard -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioPrem_KMS_Client.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioPrem_KMS_Client.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioPrem_KMS_Client.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioPrem_KMS_Client.RAC_Priv.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioPrem_KMS_Client.RAC_Pub.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioPrem_MAK.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioPrem_MAK.PHN.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioPrem_MAK.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioPrem_MAK.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioPro_KMS_Client.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioPro_KMS_Client.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioPro_KMS_Client.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioPro_KMS_Client.RAC_Priv.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioPro_KMS_Client.RAC_Pub.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioPro_MAK.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioPro_MAK.PHN.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioPro_MAK.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioPro_MAK.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioStd_KMS_Client.OOB.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioStd_KMS_Client.PL.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioStd_KMS_Client.PPDLIC.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioStd_KMS_Client.RAC_Priv.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\cert\kmscert2010\Visio\VisioStd_KMS_Client.RAC_Pub.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\scripts\UnInstall_Service.cmd -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\scripts -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\sounds\affirmative.mp3 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\sounds\begin.mp3 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\sounds\complete.mp3 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\sounds\diagnostic.mp3 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\sounds\enterauthorizationcode.mp3 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\sounds\incomingtransmission.mp3 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\sounds\inputfailed.mp3 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\sounds\inputok.mp3 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\sounds\processing.mp3 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\sounds\transfer.mp3 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\sounds\verified.mp3 -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\sounds\warning.mp3 -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\sounds -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\TokensBackup\Keys.txt -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\TokensBackup\Office\Cache\cache.dat -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\TokensBackup\Office\Cache -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\TokensBackup\Office\pkeyconfig-office.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\TokensBackup\Office\tokens.dat -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\TokensBackup\Office -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\TokensBackup\Windows\Cache\cache.dat -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\TokensBackup\Windows\Cache -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\TokensBackup\Windows\pkeyconfig.xrm-ms -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\TokensBackup\Windows\tokens.dat -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\TokensBackup\Windows -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\TokensBackup -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\unins000.dat -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\unins000.exe -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\UninsHs.exe -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\Vestris.ResourceLib.dll -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\x64 -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\x86 -> Deleted
[PUP.AutoIt.Gen][File] C:\Program Files\Shark007\Tools\Settings64.exe -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD20EADS-00S2B0 ATA Device +++++
--- User ---
[MBR] 31ccfc85e97c6ff121aec6e399225109
[BSP] 8c6242f398ba479fd799ce31cd68d7f6 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: KINGSTON SV300S37A240G ATA Device +++++
--- User ---
[MBR] f20dd0100460aa4b05349fb8d0998d2e
[BSP] adf3ff80e298470caf59d84b6e771278 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 228934 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: Hitachi HDT725032VLA380 ATA Device +++++
--- User ---
[MBR] 7944c1ae6a745d054e0b9bc38f9b768a
[BSP] ceb84c3e7b096f62a58a22cb4210973b : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 297375 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 609024150 | Size: 7867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
--- User ---
[MBR] 9316104665a782f81734208e2c0e3e52
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8192 | Size: 30432 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive6: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

# AdwCleaner 7.0.3.1 - Logfile created on Sat Oct 21 16:44:45 2017
# Updated on 2017/29/09 by Malwarebytes
# Database: 10-17-2017.1
# Running on Windows 7 Ultimate (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########


Edited by itsnotyouitsme, 21 October 2017 - 11:47 AM.


#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:36 AM

Posted 22 October 2017 - 01:24 PM

Good :) Now let's run a new scan with FRST and see if there's anything left to remove.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds
  • Click on the Scan button
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#11 itsnotyouitsme

itsnotyouitsme
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:04:36 AM

Posted 22 October 2017 - 10:58 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-10-2017 01
Ran by Workshop (administrator) on WORKSHOP-PC (22-10-2017 20:56:58)
Running from C:\Users\Workshop\Desktop
Loaded Profiles: Workshop (Available Profiles: Workshop)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) D:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) D:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
(Adobe Systems Inc.) D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Hewlett-Packard) D:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Hewlett-Packard) D:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(DEVGURU Co., LTD.) D:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) D:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [2907792 2012-07-18] (Realtek Semiconductor Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2015-12-17] (Adobe Systems Inc.)
HKLM-x32\...\Run: [HP Software Update] => D:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] => D:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2105914770-4202919322-4210220155-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> E:\Users\JAYEB~1\FAVORI~1\DOWNLO~1\RKILL~1.SCR
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C720EF9C-1EE7-4D5C-A7FD-51095F18BC4B}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C8819566-8B45-4EB7-ADA8-EB6689693604}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-09-12] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-10-20] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-20] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> D:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-20] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> D:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-20] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> D:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Workshop\AppData\Roaming\Mozilla\Firefox\Profiles\srngem8a.default-1433722778399 [2017-10-22]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\srngem8a.default-1433722778399 -> Google
FF Homepage: Mozilla\Firefox\Profiles\srngem8a.default-1433722778399 -> hxxps://www.yahoo.com/
FF Extension: (Adblock Plus) - C:\Users\Workshop\AppData\Roaming\Mozilla\Firefox\Profiles\srngem8a.default-1433722778399\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-07]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-02-18]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - D:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - D:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-08-10] [not signed]
FF HKU\S-1-5-21-2105914770-4202919322-4210220155-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - D:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-19] ()
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-20] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-19] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> D:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> D:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> D:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~3\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-06] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-06] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> D:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> D:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-13] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Default [2017-10-20]
CHR Extension: (Slides) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-18]
CHR Extension: (Docs) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-18]
CHR Extension: (Google Drive) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-18]
CHR Extension: (YouTube) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-18]
CHR Extension: (Adobe Acrobat) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-08-13]
CHR Extension: (Sheets) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-18]
CHR Extension: (Google Docs Offline) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-18]
CHR Extension: (Gmail) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-18]
CHR Extension: (Chrome Media Router) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-18]
CHR Profile: C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-10-18]
CHR Extension: (Google Slides) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-20]
CHR Extension: (Google Docs) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-20]
CHR Extension: (Google Drive) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-18]
CHR Extension: (YouTube) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-20]
CHR Extension: (Google Search) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-20]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-06-20]
CHR Extension: (Google Sheets) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-20]
CHR Extension: (Google Docs Offline) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-07]
CHR Extension: (Sneakerbots4all Eastbay and FL Auto Checkout) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kkikcpcodpnafiabcdmigmgekggfdoja [2015-06-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-07]
CHR Extension: (Gmail) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-20]
CHR Profile: C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\System Profile [2017-10-18]
CHR Extension: (Google Slides) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-20]
CHR Extension: (Google Docs) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-20]
CHR Extension: (Google Drive) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-20]
CHR Extension: (YouTube) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-20]
CHR Extension: (Google Search) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-20]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-06-20]
CHR Extension: (Google Sheets) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-20]
CHR Extension: (Google Wallet) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-20]
CHR Extension: (Gmail) - C:\Users\Workshop\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-20]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2015-12-17]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 gupdate; D:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-05-30] (Google Inc.)
S3 gupdatem; D:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-05-30] (Google Inc.)
R3 hpqcxs08; D:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; D:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; D:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-10-06] (NVIDIA Corporation)
R2 NvTelemetryContainer; D:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [460736 2017-10-10] (NVIDIA Corporation)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2130440 2016-09-15] (Electronic Arts)
S2 Origin Web Helper Service; D:\Program Files (x86)\Origin\OriginWebHelperService.exe [2195472 2016-09-15] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S2 SkypeUpdate; D:\Program Files (x86)\Skype\Updater\Updater.exe [317400 2017-04-05] (Skype Technologies)
R2 ss_conn_service; D:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-15] (DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [192256 2009-06-10] (Intel Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-10-04] ()
S3 HSF_DP; C:\Windows\System32\DRIVERS\CAX_DP.sys [1485824 2009-02-13] (Conexant Systems, Inc.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-02-17] (REALiX™)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [3008144 2012-11-02] (Realtek Semiconductor Corp.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [192952 2017-10-21] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2017-10-22] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [45504 2017-10-22] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [252232 2017-10-22] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2017-10-22] (Malwarebytes)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-05-18] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-10-10] (NVIDIA Corporation)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [127432 2017-02-11] (BigNox Corporation)
S3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [411136 2009-06-10] (Conexant Systems, Inc.)
S3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)
R1 YSDrv; C:\Windows\System32\DRIVERS\YSDrv.sys [270608 2017-10-18] (BigNox Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-22 20:56 - 2017-10-22 20:57 - 000022440 _____ C:\Users\Workshop\Desktop\FRST.txt
2017-10-22 20:56 - 2017-10-22 20:56 - 000000000 ____D C:\FRST
2017-10-22 15:54 - 2017-10-20 07:37 - 002402816 _____ (Farbar) C:\Users\Workshop\Desktop\FRST64.exe
2017-10-22 15:52 - 2017-10-22 16:23 - 000000000 ____D C:\Users\Workshop\Downloads\Filthy Talker Ass-bleeped In Strict Bondage
2017-10-21 09:45 - 2017-10-21 09:45 - 000000948 _____ C:\Users\Workshop\Desktop\AdwCleaner[S0].txt
2017-10-21 09:43 - 2017-10-21 09:45 - 000000000 ____D C:\AdwCleaner
2017-10-21 09:43 - 2017-10-21 09:43 - 000180726 _____ C:\Users\Workshop\Desktop\rk_2ED8.tmp.txt
2017-10-21 09:18 - 2017-10-21 09:18 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-10-21 09:17 - 2017-10-21 09:44 - 000000000 ____D C:\ProgramData\RogueKiller
2017-10-21 09:17 - 2017-10-21 09:17 - 000000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-10-21 09:17 - 2017-10-21 09:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-10-21 09:17 - 2017-10-21 09:17 - 000000000 ____D C:\Program Files\RogueKiller
2017-10-21 09:17 - 2017-10-20 22:15 - 008250832 _____ (Malwarebytes) C:\Users\Workshop\Desktop\adwcleaner_7.0.3.1.exe
2017-10-21 09:16 - 2017-10-21 09:16 - 035965768 _____ (Adlice Software ) C:\Users\Workshop\Desktop\setup.exe
2017-10-21 08:30 - 2017-10-22 16:20 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-10-21 08:30 - 2017-10-22 15:11 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-10-21 08:30 - 2017-10-22 15:11 - 000045504 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-10-21 08:30 - 2017-10-21 08:30 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2017-10-21 08:30 - 2017-10-21 08:30 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-10-21 08:30 - 2017-10-21 08:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-21 08:29 - 2017-10-21 08:29 - 071535032 _____ (Malwarebytes ) C:\Users\Workshop\Desktop\mb3-setup-1878.1878-3.2.2.2029.exe
2017-10-20 23:05 - 2017-10-20 23:04 - 000110144 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2017-10-20 22:40 - 2017-10-20 22:40 - 000003351 _____ C:\DelFix.txt
2017-10-20 22:40 - 2017-10-20 22:40 - 000000000 ____D C:\Windows\ERUNT
2017-10-20 11:15 - 2017-10-20 10:16 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\97741639.sys
2017-10-20 11:13 - 2017-10-20 11:13 - 000393864 _____ C:\Windows\Minidump\102017-8751-01.dmp
2017-10-20 11:13 - 2017-10-20 11:13 - 000000000 ____D C:\Windows\Minidump
2017-10-20 11:08 - 2017-10-20 11:08 - 000002890 _____ C:\Windows\SysWOW64\BroomData.bit
2017-10-20 11:08 - 2013-04-08 15:30 - 000022752 _____ C:\Windows\system32\PCloudBroom64.exe
2017-10-20 10:18 - 2017-10-22 15:11 - 000252232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-10-20 09:45 - 2017-10-20 09:45 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\4772F498.sys
2017-10-20 09:30 - 2017-10-20 09:30 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\269561E0.sys
2017-10-20 09:07 - 2017-10-20 10:27 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-10-20 09:07 - 2017-10-20 09:07 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\2F35C15E.sys
2017-10-20 08:29 - 2017-10-18 19:23 - 000270608 _____ (BigNox Corporation) C:\Windows\system32\Drivers\YSDrv.sys
2017-10-19 22:59 - 2017-10-19 22:59 - 000002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-10-19 22:59 - 2017-10-19 22:59 - 000000000 ____D C:\ProgramData\Sophos
2017-10-19 22:59 - 2017-10-19 22:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-10-19 22:18 - 2017-10-19 22:44 - 000001248 _____ C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2017-10-19 22:18 - 2017-10-19 22:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2017-10-19 22:18 - 2015-09-14 13:03 - 000039672 _____ C:\Windows\system32\Drivers\DasPtct.SYS
2017-10-19 22:18 - 2015-01-29 18:21 - 000050320 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2017-10-19 16:27 - 2017-10-19 22:12 - 000000000 ____D C:\Users\Workshop\AppData\Local\ESET
2017-10-19 15:56 - 2017-10-19 15:56 - 000012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2017-10-19 15:04 - 2017-10-19 15:04 - 000000000 ____D C:\Users\Workshop\AppData\Local\CrashDumps
2017-10-18 19:09 - 2017-10-20 10:27 - 000000000 ____D C:\Users\Workshop\AppData\Local\usoepiz
2017-10-18 19:09 - 2017-10-20 08:25 - 000000000 ____D C:\Users\Workshop\AppData\Local\mscdvxz
2017-10-18 18:13 - 2017-10-20 10:15 - 002843648 _____ C:\Windows\system32\spmcwhisvc.exe
2017-10-18 18:12 - 2017-10-18 18:12 - 000000020 _____ C:\Windows\b23089256
2017-10-18 18:12 - 2017-10-18 18:12 - 000000000 ____D C:\Windows\SysWOW64\nihaxgt
2017-10-18 18:12 - 2017-10-18 18:12 - 000000000 ____D C:\Windows\system32\nihaxgt
2017-10-18 18:12 - 2017-10-18 18:12 - 000000000 ____D C:\Users\Workshop\AppData\Roaming\et
2017-10-18 18:11 - 2017-10-18 18:11 - 000140800 _____ C:\Users\Workshop\AppData\Local\installer.dat
2017-10-18 09:38 - 2017-10-10 18:07 - 000057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-10-18 09:26 - 2017-10-06 06:32 - 000531904 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-10-18 09:26 - 2017-10-06 06:32 - 000437696 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2017-10-18 09:26 - 2017-10-06 04:52 - 000136312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-10-18 09:26 - 2017-10-06 04:44 - 005960312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-10-18 09:26 - 2017-10-06 04:44 - 002587584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-10-18 09:26 - 2017-10-06 04:44 - 001766520 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-10-18 09:26 - 2017-10-06 04:44 - 000607168 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-10-18 09:26 - 2017-10-06 04:44 - 000449656 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-10-18 09:26 - 2017-10-06 04:44 - 000122816 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-10-18 09:26 - 2017-10-06 04:44 - 000081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-10-18 09:26 - 2017-09-29 08:02 - 008257351 _____ C:\Windows\system32\nvcoproc.bin
2017-10-18 09:26 - 2017-09-13 16:20 - 000798008 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-10-18 09:26 - 2017-09-13 16:20 - 000490296 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-10-18 09:26 - 2017-09-13 16:19 - 000927544 _____ C:\Windows\system32\vulkan-1.dll
2017-10-18 09:26 - 2017-09-13 16:19 - 000591160 _____ C:\Windows\system32\vulkaninfo.exe
2017-10-18 09:25 - 2017-10-09 05:20 - 001615472 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2017-10-18 09:25 - 2017-10-09 05:20 - 000225208 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-10-18 09:25 - 2017-10-09 05:20 - 000045496 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 040237176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 036184000 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 035156600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 029228480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 023261256 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 021738976 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 019035344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 019008624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 018203456 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 016751224 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-10-18 09:25 - 2017-10-06 06:32 - 015024912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 013863000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 013251240 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 011777952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 010880672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 004283120 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 003807864 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 003796960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 003346368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 001988216 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438792.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 001606776 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438792.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 001135280 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 001098360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 001030264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 000981112 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 000932472 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 000885496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 000615360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 000527104 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 000505976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 000492048 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 000444328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 000407248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 000171896 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 000154392 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 000149736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 000132256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-10-18 09:25 - 2017-10-06 06:32 - 000046182 _____ C:\Windows\system32\nvinfo.pb
2017-10-18 09:25 - 2017-10-06 06:32 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-10-18 09:25 - 2017-10-06 06:32 - 000000669 _____ C:\Windows\system32\nv-vk64.json
2017-10-18 09:20 - 2017-10-18 09:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-10-18 09:20 - 2017-10-18 09:20 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-18 09:20 - 2017-10-18 09:20 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-18 09:20 - 2017-10-18 09:20 - 000003798 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-18 09:20 - 2017-10-18 09:20 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-18 09:20 - 2017-10-18 09:20 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-18 09:20 - 2017-10-18 09:20 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-18 09:20 - 2017-10-18 09:20 - 000003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-18 09:20 - 2017-10-18 09:20 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-18 09:20 - 2017-10-18 09:20 - 000001013 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-10-18 09:20 - 2017-10-18 09:20 - 000000000 ____D C:\Users\Workshop\AppData\Local\CEF
2017-10-18 09:20 - 2017-10-10 16:26 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-10-18 09:20 - 2017-10-06 05:17 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2017-10-18 09:08 - 2017-10-10 18:07 - 000918976 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2017-10-18 09:08 - 2015-05-18 20:29 - 000046768 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-10-18 09:08 - 2015-05-18 20:14 - 000061616 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-10-18 09:08 - 2015-05-18 20:14 - 000057520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-10-16 09:17 - 2017-10-16 09:17 - 000000066 _____ C:\Users\Workshop\inittk.ini
2017-10-16 09:16 - 2017-10-21 18:49 - 000000000 ____D C:\Users\Workshop\.BigNox
2017-10-16 09:16 - 2017-10-16 22:50 - 000000890 _____ C:\Users\Workshop\Desktop\Multi-Drive.lnk
2017-10-16 09:16 - 2017-10-16 13:23 - 000000929 _____ C:\Users\Workshop\Desktop\Nox.lnk
2017-10-14 12:45 - 2017-10-14 12:45 - 000433141 _____ C:\Users\Workshop\Desktop\Cell Bill.pdf
2017-10-13 13:01 - 2017-10-20 11:13 - 589546060 _____ C:\Windows\MEMORY.DMP
2017-10-11 15:55 - 2017-10-11 15:55 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-11 15:55 - 2017-10-04 13:15 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-10-11 00:16 - 2017-10-11 00:16 - 126925120 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-10-10 18:43 - 2017-09-13 08:33 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-10-10 18:43 - 2017-09-13 08:32 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-10-10 18:43 - 2017-09-13 08:32 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-10-10 18:43 - 2017-09-13 08:32 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-10-10 18:43 - 2017-09-13 08:32 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-10-10 18:43 - 2017-09-13 08:31 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 001068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000886272 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000448512 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000414208 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000118784 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-10-10 18:43 - 2017-09-13 08:28 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:13 - 004001512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-10-10 18:43 - 2017-09-13 08:13 - 003945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-10-10 18:43 - 2017-09-13 08:10 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 000830464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 000428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 000392704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlansec.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-10-10 18:43 - 2017-09-13 08:09 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 08:05 - 000324608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2017-10-10 18:43 - 2017-09-13 08:00 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-10-10 18:43 - 2017-09-13 08:00 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-10-10 18:43 - 2017-09-13 08:00 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-10-10 18:43 - 2017-09-13 08:00 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-10-10 18:43 - 2017-09-13 07:57 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-10-10 18:43 - 2017-09-13 07:56 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-10-10 18:43 - 2017-09-13 07:53 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-10-10 18:43 - 2017-09-13 07:53 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-10-10 18:43 - 2017-09-13 07:53 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-10-10 18:43 - 2017-09-13 07:52 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-10-10 18:43 - 2017-09-13 07:52 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-10-10 18:43 - 2017-09-13 07:50 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-10-10 18:43 - 2017-09-13 07:47 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-10-10 18:43 - 2017-09-13 07:46 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-10-10 18:43 - 2017-09-13 07:46 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-10-10 18:43 - 2017-09-13 07:46 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-10-10 18:43 - 2017-09-13 07:46 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 07:46 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 07:46 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 07:46 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-10-10 18:43 - 2017-09-13 07:46 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-10-10 18:43 - 2017-09-08 17:45 - 000395984 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-10-10 18:43 - 2017-09-08 16:47 - 000347344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-10-10 18:43 - 2017-09-08 08:34 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-10-10 18:43 - 2017-09-08 08:30 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-10-10 18:43 - 2017-09-08 08:30 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-10-10 18:43 - 2017-09-08 08:30 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-10-10 18:43 - 2017-09-08 08:30 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-10-10 18:43 - 2017-09-08 08:30 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-10-10 18:43 - 2017-09-08 08:30 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-10-10 18:43 - 2017-09-08 08:30 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-10-10 18:43 - 2017-09-08 08:30 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-10-10 18:43 - 2017-09-08 08:30 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-10-10 18:43 - 2017-09-08 08:30 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-10-10 18:43 - 2017-09-08 08:30 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-10-10 18:43 - 2017-09-08 08:30 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-10-10 18:43 - 2017-09-08 08:14 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-10-10 18:43 - 2017-09-08 08:13 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-10-10 18:43 - 2017-09-08 08:13 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-10-10 18:43 - 2017-09-08 08:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-10-10 18:43 - 2017-09-08 08:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-10-10 18:43 - 2017-09-08 08:10 - 000312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-10-10 18:43 - 2017-09-08 08:10 - 000109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-10-10 18:43 - 2017-09-08 08:09 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-10-10 18:43 - 2017-09-08 08:09 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-10-10 18:43 - 2017-09-08 08:09 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-10-10 18:43 - 2017-09-08 08:09 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-10-10 18:43 - 2017-09-08 08:09 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-10-10 18:43 - 2017-09-08 08:09 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-10-10 18:43 - 2017-09-08 08:09 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-10-10 18:43 - 2017-09-08 08:00 - 003222016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-10-10 18:43 - 2017-09-08 08:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-10-10 18:43 - 2017-09-08 08:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-10-10 18:43 - 2017-09-08 07:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-10-10 18:43 - 2017-09-08 07:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-10-10 18:43 - 2017-09-08 07:20 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2017-10-10 18:43 - 2017-09-08 07:20 - 000345088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-10-10 18:43 - 2017-09-08 07:20 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
2017-10-10 18:43 - 2017-09-07 14:38 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-10-10 18:43 - 2017-09-07 14:37 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-10-10 18:43 - 2017-09-07 14:19 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-10-10 18:43 - 2017-09-07 14:18 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-10-10 18:43 - 2017-09-07 14:18 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-10-10 18:43 - 2017-09-07 14:17 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-10-10 18:43 - 2017-09-07 14:17 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-10-10 18:43 - 2017-09-07 14:15 - 002902528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-10-10 18:43 - 2017-09-07 14:08 - 025729536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-10-10 18:43 - 2017-09-07 14:08 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-10-10 18:43 - 2017-09-07 14:07 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-10-10 18:43 - 2017-09-07 14:02 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-10-10 18:43 - 2017-09-07 14:01 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-10-10 18:43 - 2017-09-07 14:01 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-10-10 18:43 - 2017-09-07 14:01 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-10-10 18:43 - 2017-09-07 14:00 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-10-10 18:43 - 2017-09-07 13:52 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-10-10 18:43 - 2017-09-07 13:48 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-10-10 18:43 - 2017-09-07 13:40 - 005982208 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-10-10 18:43 - 2017-09-07 13:39 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-10-10 18:43 - 2017-09-07 13:38 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-10-10 18:43 - 2017-09-07 13:37 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-10-10 18:43 - 2017-09-07 13:33 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-10-10 18:43 - 2017-09-07 13:32 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-10-10 18:43 - 2017-09-07 13:29 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-10-10 18:43 - 2017-09-07 13:27 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-10-10 18:43 - 2017-09-07 13:13 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-10-10 18:43 - 2017-09-07 13:10 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-10-10 18:43 - 2017-09-07 13:10 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-10-10 18:43 - 2017-09-07 13:08 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-10-10 18:43 - 2017-09-07 13:08 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-10-10 18:43 - 2017-09-07 12:44 - 015262720 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-10-10 18:43 - 2017-09-07 12:40 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-10-10 18:43 - 2017-09-07 12:27 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-10-10 18:43 - 2017-09-07 12:27 - 001548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-10-10 18:43 - 2017-09-07 12:17 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-10-10 18:43 - 2017-09-07 12:11 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-10-10 18:43 - 2017-09-07 12:10 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-10-10 18:43 - 2017-09-07 12:10 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-10-10 18:43 - 2017-09-07 12:10 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-10-10 18:43 - 2017-09-07 12:09 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-10-10 18:43 - 2017-09-07 12:04 - 020267008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-10-10 18:43 - 2017-09-07 12:03 - 002292736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-10-10 18:43 - 2017-09-07 12:03 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-10-10 18:43 - 2017-09-07 12:02 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-10-10 18:43 - 2017-09-07 11:59 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-10-10 18:43 - 2017-09-07 11:58 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-10-10 18:43 - 2017-09-07 11:58 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-10-10 18:43 - 2017-09-07 11:58 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-10-10 18:43 - 2017-09-07 11:49 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-10-10 18:43 - 2017-09-07 11:44 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-10-10 18:43 - 2017-09-07 11:44 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-10-10 18:43 - 2017-09-07 11:43 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-10-10 18:43 - 2017-09-07 11:40 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-10-10 18:43 - 2017-09-07 11:39 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-10-10 18:43 - 2017-09-07 11:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-10-10 18:43 - 2017-09-07 11:36 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-10-10 18:43 - 2017-09-07 11:29 - 004547072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-10-10 18:43 - 2017-09-07 11:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-10-10 18:43 - 2017-09-07 11:26 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-10-10 18:43 - 2017-09-07 11:25 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-10-10 18:43 - 2017-09-07 11:25 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-10-10 18:43 - 2017-09-07 11:17 - 013677568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-10-10 18:43 - 2017-09-07 11:01 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-10-10 18:43 - 2017-09-07 10:57 - 001316864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-10-10 18:43 - 2017-09-07 10:57 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-10-10 18:43 - 2017-09-07 08:31 - 002851328 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2017-10-10 18:43 - 2017-09-07 08:12 - 002755072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2017-10-10 18:43 - 2017-09-07 07:55 - 000461312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-10-10 18:43 - 2017-09-07 07:55 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-10-10 18:43 - 2017-09-07 07:55 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-10-10 18:43 - 2017-08-19 08:28 - 004121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2017-10-10 18:43 - 2017-08-19 08:28 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2017-10-10 18:43 - 2017-08-19 08:28 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2017-10-10 18:43 - 2017-08-19 08:10 - 003209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2017-10-10 18:43 - 2017-08-19 08:10 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2017-10-10 18:43 - 2017-08-19 08:10 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2017-10-10 18:43 - 2017-08-19 08:08 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2017-10-10 18:43 - 2017-08-19 08:08 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2017-10-10 18:43 - 2017-08-19 07:57 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2017-10-10 18:43 - 2017-08-19 07:57 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2017-10-10 18:43 - 2017-08-14 10:35 - 001032192 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2017-10-10 18:43 - 2017-08-14 10:35 - 000827904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2017-10-10 18:43 - 2017-08-14 10:35 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2017-10-10 18:43 - 2017-08-13 14:45 - 000040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2017-10-04 17:10 - 2017-10-04 17:42 - 000000000 ____D C:\Users\Workshop\Downloads\Freaks VS Big Dick 5
2017-09-23 15:11 - 2017-09-23 15:11 - 000520687 _____ C:\Users\Workshop\Desktop\Page4.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-22 20:57 - 2016-11-23 15:12 - 000000000 ____D C:\Users\Workshop\AppData\LocalLow\Mozilla
2017-10-22 20:56 - 2016-12-23 18:47 - 000000000 ____D C:\Users\Workshop\AppData\Local\JDownloader v2.0
2017-10-22 20:41 - 2009-07-13 21:45 - 000019680 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-10-22 20:41 - 2009-07-13 21:45 - 000019680 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-10-22 15:16 - 2009-07-13 22:13 - 000799374 _____ C:\Windows\system32\PerfStringBackup.INI
2017-10-22 15:16 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
2017-10-22 15:11 - 2015-04-29 13:18 - 000000000 ____D C:\ProgramData\NVIDIA
2017-10-22 15:11 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-22 05:40 - 2017-02-11 10:20 - 000000000 ____D C:\Users\Workshop\AppData\Local\Nox
2017-10-21 18:50 - 2015-06-26 12:19 - 000000000 ____D C:\Users\Workshop\.android
2017-10-21 18:49 - 2017-02-11 10:21 - 000000000 ____D C:\Users\Workshop\vmlogs
2017-10-21 15:00 - 2017-03-28 20:40 - 000000000 ____D C:\Users\Workshop\AppData\Roaming\Kodi
2017-10-21 13:05 - 2016-06-09 08:17 - 000000000 ____D C:\Users\Workshop\AppData\Roaming\ICQ
2017-10-21 09:42 - 2015-04-24 17:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shark007 Codecs
2017-10-21 08:30 - 2015-02-24 17:46 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-20 23:05 - 2015-06-26 12:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2017-10-20 23:05 - 2015-06-26 12:09 - 000000000 ____D C:\Program Files\Java
2017-10-20 23:05 - 2015-05-17 02:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-10-20 23:04 - 2016-01-21 17:29 - 000097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-10-20 23:04 - 2015-06-26 12:10 - 000110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-10-20 22:21 - 2015-02-16 22:01 - 000001139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-10-20 21:44 - 2015-02-18 11:43 - 000000000 ____D C:\Users\Workshop\AppData\Roaming\vlc
2017-10-20 11:10 - 2015-02-22 10:27 - 000114840 _____ C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2017-10-20 11:08 - 2015-06-26 12:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2017-10-20 10:27 - 2015-10-26 19:27 - 000000000 ____D C:\Users\Workshop\Desktop\JitBit.Macro.Recorder.v5.6.5.0.Keymaker-RNDD
2017-10-20 10:17 - 2009-07-13 19:34 - 032243712 _____ C:\Windows\system32\config\HARDWARE
2017-10-20 09:52 - 2015-02-18 19:41 - 001346186 _____ C:\Windows\ntbtlog.txt
2017-10-20 07:18 - 2015-02-18 20:05 - 000000000 ____D C:\Windows\pss
2017-10-20 06:39 - 2015-05-30 03:47 - 000002063 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-10-20 06:39 - 2015-05-30 03:47 - 000002063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-10-20 06:39 - 2015-02-16 21:10 - 000001291 _____ C:\Users\Workshop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-10-19 19:17 - 2015-10-16 08:53 - 000000000 ____D C:\Users\Workshop\Desktop\Windows 8.1 Pro Vl Update 3 x64 En-Us ESD Sept2015 Pre-activated-=TEAM OS=
2017-10-19 19:14 - 2015-11-02 14:21 - 000000000 ____D C:\Users\Workshop\Desktop\Malwarebytes Anti-Malware Premium 2.2.0.1024 Final Multilingual incl Keygen-=TEAM OS=-
2017-10-19 19:14 - 2015-10-28 14:25 - 000000000 ____D C:\Users\Workshop\Desktop\KMSpico v10.0.4 (Office and windows activator) [TechTools.NET]
2017-10-19 19:14 - 2015-10-27 19:31 - 000000000 ____D C:\Users\Workshop\Desktop\KMSpico 10.1.1 FINAL + Portable (Office and Windows 10 Activator) [TechTools.NET]
2017-10-19 19:14 - 2015-10-23 14:45 - 000000000 ____D C:\Users\Workshop\Desktop\adbFire
2017-10-19 08:19 - 2015-03-27 12:29 - 000000000 ____D C:\Users\Workshop\AppData\Roaming\uTorrent
2017-10-18 19:23 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\registration
2017-10-18 19:09 - 2016-02-15 04:22 - 000000000 ____D C:\Users\Workshop\AppData\LocalLow\uTorrent
2017-10-18 12:25 - 2015-03-28 15:31 - 000000000 ____D C:\Users\Workshop\AppData\Local\NVIDIA Corporation
2017-10-18 09:42 - 2015-04-29 14:14 - 000000000 ____D C:\Users\Workshop\AppData\Local\NVIDIA
2017-10-18 09:40 - 2017-02-11 10:21 - 000000000 ____D C:\Program Files\DIFX
2017-10-18 09:40 - 2015-02-21 00:15 - 000000000 ____D C:\ProgramData\Microsoft Toolkit
2017-10-18 09:38 - 2015-02-16 22:28 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-10-18 09:38 - 2015-02-16 22:24 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-10-18 09:32 - 2015-11-06 02:45 - 000000000 ____D C:\Users\Workshop\Desktop\Helter Skelter
2017-10-18 09:26 - 2015-02-16 22:28 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-10-18 09:26 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\Help
2017-10-18 09:25 - 2015-04-29 14:38 - 000000000 ____D C:\Users\Workshop\AppData\Roaming\NVIDIA
2017-10-16 09:17 - 2015-02-16 21:09 - 000000000 ____D C:\Users\Workshop
2017-10-15 17:37 - 2016-10-20 14:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-10-15 17:37 - 2015-02-16 22:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-14 17:02 - 2017-09-16 19:38 - 000000632 _____ C:\Users\Workshop\.swfinfo
2017-10-11 09:51 - 2009-07-13 21:45 - 000442384 _____ C:\Windows\system32\FNTCACHE.DAT
2017-10-11 00:18 - 2015-05-12 19:12 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-10-11 00:18 - 2015-02-16 22:45 - 000000000 ____D C:\Windows\system32\MRT
2017-10-11 00:18 - 2009-07-13 19:34 - 000000513 _____ C:\Windows\win.ini
2017-10-11 00:16 - 2015-02-16 22:45 - 126925120 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-10-11 00:15 - 2015-02-16 22:28 - 000791496 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-10-11 00:12 - 2009-07-13 20:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-10-10 18:07 - 2015-04-29 14:15 - 001796032 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-10-10 18:07 - 2015-04-29 14:15 - 001577920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-10-05 12:12 - 2015-11-13 14:32 - 000000000 ____D C:\Users\Workshop\Desktop\Scripts
2017-09-30 10:18 - 2017-04-28 20:11 - 000000000 ____D C:\Users\Workshop\AppData\Roaming\discord

==================== Files in the root of some directories =======

2016-03-02 10:33 - 2016-03-04 20:32 - 000002157 _____ () C:\Users\Workshop\AppData\Roaming\Ultima Mapper Client.xml
2017-10-18 18:11 - 2017-10-18 18:11 - 000140800 _____ () C:\Users\Workshop\AppData\Local\installer.dat
2015-02-18 20:04 - 2015-02-23 07:19 - 000007601 _____ () C:\Users\Workshop\AppData\Local\Resmon.ResmonCfg
2016-08-03 15:24 - 2016-08-03 15:24 - 000000000 _____ () C:\Users\Workshop\AppData\Local\run.txt
2016-08-03 15:26 - 2016-08-03 15:26 - 000000001 _____ () C:\Users\Workshop\AppData\Local\setupsuccessful.txt
2016-08-03 15:24 - 2016-08-03 15:26 - 000000000 _____ () C:\Users\Workshop\AppData\Local\stxtname.txt
2015-02-22 10:20 - 2017-08-07 15:13 - 000023875 _____ () C:\ProgramData\hpzinstall.log
2015-08-25 12:45 - 2015-08-25 12:45 - 000000148 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
2017-10-21 09:17 - 2017-09-13 08:31 - 001732864 _____ (Microsoft Corporation) C:\Users\Workshop\AppData\Local\Temp\dllnt_dump.dll
2017-10-20 23:04 - 2017-10-20 23:04 - 001856576 _____ (Oracle Corporation) C:\Users\Workshop\AppData\Local\Temp\jre-8u151-windows-au.exe
2017-10-22 20:55 - 2017-10-22 20:55 - 000040448 ____N () C:\Users\Workshop\AppData\Local\Temp\proxy_vole3502229694632557405.dll
2017-10-22 20:56 - 2017-10-22 20:56 - 000040448 ____N () C:\Users\Workshop\AppData\Local\Temp\proxy_vole3815689318976551095.dll
2017-10-22 20:55 - 2017-10-22 20:55 - 000040448 ____N () C:\Users\Workshop\AppData\Local\Temp\proxy_vole5071919564549166696.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-02-28 01:03

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-10-2017 01
Ran by Workshop (22-10-2017 20:57:24)
Running from C:\Users\Workshop\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2015-02-17 04:09:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2105914770-4202919322-4210220155-500 - Administrator - Disabled)
Guest (S-1-5-21-2105914770-4202919322-4210220155-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2105914770-4202919322-4210220155-1002 - Limited - Enabled)
Workshop (S-1-5-21-2105914770-4202919322-4210220155-1000 - Administrator - Enabled) => C:\Users\Workshop

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2105914770-4202919322-4210220155-1000\...\uTorrent) (Version: 3.4.5.41801 - BitTorrent Inc.)
6300 (HKLM-x32\...\{BC39DBA4-D1B7-483C-BA0D-9EB0BB0B6DCF}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
6300_Help (HKLM-x32\...\{BDEDBDD9-C97B-4333-B7BE-6979A34F6F74}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
6300Trb (HKLM-x32\...\{17271AB7-D7EC-4a95-9861-FAFE5A4664AD}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (HKLM\...\{55D55008-E5F6-47D6-B16F-B2A40D4D145F}) (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.14 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\{1194343F-ACFE-4AB4-B1C0-C1E913B729BF}_is1) (Version: 3.8.2662 - Microsoft Studios, Tolyak26)
AIO_CDB_ProductContext (HKLM-x32\...\{E7112940-5F8E-4918-B9FE-251F2F8DC81F}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (HKLM-x32\...\{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (HKLM-x32\...\{104066F4-5897-4067-85D3-4C88B67CCF75}) (Version: 130.0.421.000 - Hewlett-Packard) Hidden
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 387.92 - NVIDIA Corporation) Hidden
BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Cheat Engine 6.5.1 (HKLM-x32\...\Cheat Engine 6.5.1_is1) (Version:  - Cheat Engine)
Copy (HKLM-x32\...\{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}) (Version: 130.0.428.000 - Hewlett-Packard) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell System Detect (HKU\S-1-5-21-2105914770-4202919322-4210220155-1000\...\73f463568823ebbe) (Version: 6.7.0.2 - Dell)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{2FF8C687-DB7D-4adc-A5DC-57983EC25046}) (Version: 130.0.465.000 - Hewlett-Packard) Hidden
Discord (HKU\S-1-5-21-2105914770-4202919322-4210220155-1000\...\Discord) (Version: 0.0.298 - Discord Inc.)
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Fax (HKLM-x32\...\{440B915A-0C85-45DB-92AE-75AE14704A64}) (Version: 130.0.418.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{63FF21C9-A810-464F-B60A-3111747B1A6D}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.238 - SurfRight B.V.)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (HKLM-x32\...\{681B698F-C997-42C3-B184-B489C6CA24C9}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (HKLM-x32\...\{D79113E7-274C-470B-BD46-01B10219DF6A}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{C43326F5-F135-4551-8270-7F7ABA0462E1}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
ICQ (version 10.0.12243) (HKU\S-1-5-21-2105914770-4202919322-4210220155-1000\...\icq.desktop) (Version: 10.0.12243 - ICQ)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 18.1 - Intel)
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Jitbit Macro Recorder (HKLM-x32\...\{2D57FB4E-6277-4A6D-8739-304C38051B89}) (Version: 1.0.0 - JitBit)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Kodi (HKU\S-1-5-21-2105914770-4202919322-4210220155-1000\...\Kodi) (Version:  - XBMC-Foundation)
Magestorm (HKLM-x32\...\Magestorm) (Version: 1.3.0.0 - Magestorm)
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
MarketResearch (HKLM-x32\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 56.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 56.0.1 (x64 en-US)) (Version: 56.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.1.6484 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (HKLM\...\{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}) (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Nox APP Player (HKLM-x32\...\Nox) (Version: 5.2.0.0 - Duodian Technology Co. Ltd.)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 387.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 387.92 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 387.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 387.92 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Origin (HKLM-x32\...\Origin) (Version: 10.0.1.31806 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.10 - Panda Security)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5931 - Realtek Semiconductor Corp.)
RogueKiller version 12.11.20.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.20.0 - Adlice Software)
Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16011.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16011.2 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
Scan (HKLM-x32\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Shark007 Standard Codecs (HKLM-x32\...\{898E81AD-6DB9-4750-866B-B8958C5DC7AA}) (Version: 2.6.0 - Shark007)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Silent 3ditor (v0.9.9) (HKLM-x32\...\{42258A5E-3399-43FE-8169-46336BCB79DA}) (Version: 0.9.9 - skwas)
Skype™ 7.37 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17022.20 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17022.20 - Samsung Electronics Co., Ltd.)
SmartWebPrinting (HKLM-x32\...\{DC635845-46D3-404B-BCB1-FC4A91091AFA}) (Version: 130.0.457.000 - Hewlett-Packard) Hidden
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.80.4.50 - Conexant Systems)
SolutionCenter (HKLM-x32\...\{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Status (HKLM-x32\...\{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}) (Version: 130.0.469.000 - Hewlett-Packard) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-2105914770-4202919322-4210220155-1000\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
Toolbox (HKLM-x32\...\{6BBA26E9-AB03-4FE7-831A-3535584CA002}) (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}) (Version: 130.0.422.000 - Hewlett-Packard) Hidden
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Ultima Mapper Maps Installer version 1.0 (HKLM-x32\...\{EC5E2244-DB33-4A0A-80CF-541AD29D4AD7}_is1) (Version: 1.0 - CyphersTECH Consulting)
Ultima Online 2D Client (HKLM-x32\...\{0F25F02B-854E-49B3-8F68-6D27CE4D477E}) (Version: 5.0.9 - EA Games)
Ultima Online Classic Client (HKLM-x32\...\Ultima Online Classic) (Version:  - Electronic Arts)
Ultima Online Enhanced Client (HKLM-x32\...\Ultima Online Enhanced) (Version:  - Electronic Arts)
UnloadSupport (HKLM-x32\...\{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}) (Version: 11.0.0 - Hewlett-Packard) Hidden
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
UOCartographer 0.9 (HKLM-x32\...\UOCartographer 0.9) (Version:  - UOCartographer.com)
UOS version 1.0.5 (HKLM-x32\...\{FC6804BE-B90F-4C2B-BF21-6A4063C8FD4C}_is1) (Version: 1.0.5 - UOS, Team.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Webcam Video Capture 7.0 (HKLM-x32\...\WVCSetup7.0.0_is1) (Version: 7.0.0 - Webcam Simulator)
WebReg (HKLM-x32\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Driver Package - BigNox Corporation YSDrv System  (01/20/2017 4.3.12) (HKLM\...\1FF524CF3E58304F349D809470EC4A689914A4D5) (Version: 01/20/2017 4.3.12 - BigNox Corporation)
x64Components v2.6.0 (HKLM\...\Standard x64Components_is1) (Version: 2.6.0 - Shark007)
Xvid MPEG-4 Video Codec (HKLM-x32\...\xvid) (Version:  - Xvid Development Team)
Youtube Downloader HD v. 2.9.9.21 (HKLM-x32\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2105914770-4202919322-4210220155-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2105914770-4202919322-4210220155-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2105914770-4202919322-4210220155-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2105914770-4202919322-4210220155-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2105914770-4202919322-4210220155-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2105914770-4202919322-4210220155-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2105914770-4202919322-4210220155-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> D:\Program Files (x86)\Google\Update\1.3.33.5\psmachine_64.dll (Google Inc.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext64.dll [2010-03-15] ()
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2010-03-15] ()
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext64.dll [2010-03-15] ()
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2010-03-15] ()
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-10-06] (NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext64.dll [2010-03-15] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2010-03-15] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E3E113A-6DE3-4463-8196-4C52A57BE760} - System32\Tasks\{84A7EED4-6428-46FD-9538-734970E41154} => D:\Program Files (x86)\Kodi\kodi.exe [2017-05-24] (XBMC-Foundation)
Task: {16E4BB5D-6C16-4DEF-B44A-A4FDAEE69991} - System32\Tasks\GoogleUpdateTaskMachineCore => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-30] (Google Inc.)
Task: {1F970D3E-9A65-40CB-A993-9217D8CCA160} - System32\Tasks\GoogleUpdateTaskMachineUA1d1a597beb143c2 => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-30] (Google Inc.)
Task: {257FCCBB-75C8-4A9B-931C-334F22B87379} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {2C9A7463-1F75-45A3-B0F2-8958CBC2E241} - System32\Tasks\GoogleUpdateTaskMachineUA => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-30] (Google Inc.)
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {2F85691A-F17A-4B3A-9D2D-2C204318BE80} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {36FFBBB5-3921-4D0C-BAB4-2C84C34B4AEA} - System32\Tasks\GoogleUpdateTaskMachineCore1d1a597bea3d610 => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-30] (Google Inc.)
Task: {370F4EC2-7B76-4E81-9878-21C9E6293BC5} - \AutoPico Daily Restart -> No File <==== ATTENTION
Task: {4C93818A-4AB4-45DC-BA2F-8EB4BCD82B05} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => D:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {4D9548EE-D1E3-4CE1-8A7B-C9469FE5F174} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-10] (NVIDIA Corporation)
Task: {4E04F7E4-5BF9-4D9E-805A-5EE8D98A9145} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => D:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-10] (NVIDIA Corporation)
Task: {564322B8-5F70-4EFB-9217-6BF28F9CD84C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {5AFC3741-6918-491B-AFB7-3A00A30D773A} - no filepath
Task: {64BE2CAF-765E-4392-9D96-6AAADCDAA69B} - System32\Tasks\{518314D5-B467-4288-A1F8-636D8981136B} => D:\Program Files (x86)\Kodi\kodi.exe [2017-05-24] (XBMC-Foundation)
Task: {78F70B05-340E-4AEF-B211-3B72D098C734} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {7DF7C294-E3BD-43E2-BBA2-55FF2E571548} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => D:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-10] (NVIDIA Corporation)
Task: {8AF0601A-87D9-4620-8671-EB27A1DDE158} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {98BE40CC-9302-496A-B15F-F752B4AB3703} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe
Task: {A6AF9377-77CE-47AB-AD7D-EC32CAD0C82D} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\Windows\System32\LocationNotificationWindows.exe
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B2E7CFAF-AF7A-481D-8577-2B56BD723531} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {C03B33B6-F8CE-431A-AF97-CFF619D1E079} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {D749FD04-AB33-4403-9E11-54587007D7CA} - no filepath
Task: {EA9CCEF9-40F8-44B3-9B9C-D925E4A25D1C} - System32\Tasks\{06081E75-20A4-45A1-97E9-AFFA3625D565} => C:\Windows\system32\pcalua.exe -a "D:\Users\Jaye B\Favorites\Downloads\REALTEK_ALC269-HD-AUDIO_VJ0P8_A13_SETUP_ZPE.exe" -d "D:\Users\Jaye B\Favorites\Downloads"
Task: {F384EC5B-EA4C-409B-B1F9-0404A6878EB5} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => D:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {F911E106-6E60-4682-90A7-66BE33856162} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => D:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-10] (NVIDIA Corporation)
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Workshop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ\icq.com.lnk -> hxxp://www.icq.com

==================== Loaded Modules (Whitelisted) ==============

2017-02-23 08:29 - 2017-02-23 08:29 - 008909512 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-03-25 15:12 - 2010-03-15 11:28 - 000052224 _____ () D:\Program Files\WinRAR\rarext64.dll
2017-10-18 09:20 - 2017-10-10 18:06 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-10-11 15:55 - 2017-10-04 13:15 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-10-11 15:55 - 2017-10-04 13:15 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Workshop\Desktop\FMLA.tiff:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Workshop\Desktop\FMLA.tiff:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Workshop\Desktop\James'.jpeg:3or4kl4x13tuuug3Byamue2s4b [91]
AlternateDataStreams: C:\Users\Workshop\Desktop\James'.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Workshop\Desktop\Traffic Collision Report.tiff:3or4kl4x13tuuug3Byamue2s4b [91]
AlternateDataStreams: C:\Users\Workshop\Desktop\Traffic Collision Report.tiff:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Itaampeafe => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2105914770-4202919322-4210220155-1000\...\dell.com -> dell.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2017-10-19 15:54 - 000000053 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2105914770-4202919322-4210220155-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Workshop^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^delmer.lnk => C:\Windows\pss\delmer.lnk.Startup
MSCONFIG\startupreg: GoogleChromeAutoLaunch_AB2C22941BC097AF48F7EF399C790E84 => "D:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: issa => "D:\Program Files (x86)\frieden\issa.exe"
MSCONFIG\startupreg: ouster => "D:\Program Files (x86)\Unopened\sportscaster.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EE2C15E5-98A1-4F84-B742-2875C2118C98}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{93F1EDC4-68A4-42D8-B7E2-28FEBDB18265}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F7E11A88-0B72-435D-99E7-D2B1BD072FC2}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{A61C5014-AEE6-4B90-ADD1-9C541DCB6A79}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{C041173C-EF7F-423A-95E7-6BF22A1D98D1}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{8ACFB105-502C-4BD2-806F-049A29FD4427}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{061BDC95-0578-4CF9-9ED1-928B66F531B4}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{DEE202DC-ADBB-4376-8217-0BE90728B03C}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{17E886BD-F43E-49C2-9B80-6448AE1D8899}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{6DAB9FA4-1815-48A7-8D17-5C6DEFCF77AF}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{64A1135E-1A42-4C9F-B861-EEF3F67F43A0}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{91986B83-04E2-4642-8471-F9DD1DBD6AB2}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{85BDE38E-5D18-407A-91C7-F2EE9D1F16DD}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{5D3AC1EF-66CF-4A1C-85A1-401E1AD42BB6}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{1483EA3D-3314-4080-9405-4AFD7A48BFAA}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{4D50EBE7-77CF-4CF7-8F47-AC02E5227FC2}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{2D1D3DF9-2CE4-4FAD-8E90-4678B16368A3}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{4F36A837-DA98-48A5-93AE-AF32CA519951}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{C0784718-A34D-4F84-84A9-654629B04AF9}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [TCP Query User{C6E764ED-2D6B-40FF-9F5A-FDCFF06B6E8B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{BFB4DDBC-4A0F-49B8-A2E7-FA2D6E960959}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{E9BF9760-52E0-4570-AC2B-ED0A13823498}] => (Allow) D:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [TCP Query User{57788CF8-5B4C-4FD7-976D-8BA057E52D6C}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe
FirewallRules: [UDP Query User{7EE39F9D-7652-4C8A-A4B4-7B69793B05AC}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe
FirewallRules: [{3D391034-0746-441F-BA28-CA6624C3E6D5}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{93AF82C5-8726-40E3-ABF6-9EAD137ED2D6}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{ED257053-F4A8-447F-9856-D8D98C2537EF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{1C33DEA8-FCE1-4ACC-934C-CAADA2854987}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{3E5E55B5-B94B-4F61-8FD2-61A24882DBBE}] => (Allow) D:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{1C6370D5-9496-4AB9-BEBE-E52A79FD4203}D:\program files\kodi\kodi.exe] => (Allow) D:\program files\kodi\kodi.exe
FirewallRules: [UDP Query User{F19752C2-EFF2-47DB-9140-920AC0F7F238}D:\program files\kodi\kodi.exe] => (Allow) D:\program files\kodi\kodi.exe
FirewallRules: [{F69A59C4-19CF-4C59-90AC-EF358FCAC10E}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{9FF662FA-FE39-4EF8-8B47-54C64235D623}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{61F3126B-C748-4086-9258-9C80603CD9C9}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{2445FBE4-4FA0-4FAA-AA62-75B322B8F98E}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{C5BFFDA8-6E01-474D-8A5E-6E4B4CADA486}] => (Allow) D:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{6E239913-5330-436A-A698-7FA9AB3354ED}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{E06746A6-4DA9-4C1A-BAC4-4697279DAE30}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{462BFB14-5246-4B87-9960-77221643AE84}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{C4C6F386-A58A-4FE2-BD78-5CAB338072A5}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{7237DD1F-FE81-4B5A-A69E-0BB9A230297E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{50CDB8DC-0B65-4700-AA69-C82E44704CC6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{BA7DB374-7E55-4F34-BDB1-74910B2462C3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E80D5659-6085-4F81-A54B-1C4267D729B1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{FEF5F58E-99A7-45CD-BE5E-9C3F4ABC01CE}C:\games\electronic arts\ultima online classic\client.exe] => (Allow) C:\games\electronic arts\ultima online classic\client.exe
FirewallRules: [UDP Query User{40226D87-7017-41CC-A50D-683184FD1EC1}C:\games\electronic arts\ultima online classic\client.exe] => (Allow) C:\games\electronic arts\ultima online classic\client.exe
FirewallRules: [TCP Query User{7CD7E08C-268A-425C-83CA-859A9144CE59}C:\games\electronic arts\ultima online classic\client - copy.exe] => (Allow) C:\games\electronic arts\ultima online classic\client - copy.exe
FirewallRules: [UDP Query User{2C048787-4312-4F3B-908A-EFC3D117C49E}C:\games\electronic arts\ultima online classic\client - copy.exe] => (Allow) C:\games\electronic arts\ultima online classic\client - copy.exe
FirewallRules: [TCP Query User{F1284992-A821-4E11-B0E4-F559AC8E7A71}C:\users\workshop\desktop\uoam\uoam.exe] => (Block) C:\users\workshop\desktop\uoam\uoam.exe
FirewallRules: [UDP Query User{D0521BDB-C017-4CAF-9F9C-62EE0542468A}C:\users\workshop\desktop\uoam\uoam.exe] => (Block) C:\users\workshop\desktop\uoam\uoam.exe
FirewallRules: [{DC847766-B9D6-4F57-A64D-6585B5B95B5B}] => (Allow) C:\Users\Workshop\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3046B0F5-716B-4439-9841-64C5A8ECA5B5}] => (Allow) C:\Users\Workshop\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D68EFE35-DCD9-4C84-9834-F44807A03D26}] => (Allow) C:\Users\Workshop\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0B63DFDF-77C6-45BA-BA2F-2E0EE084C645}] => (Allow) C:\Users\Workshop\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D6545FA9-63C7-43A2-92FD-AC9F097B1FD4}] => (Allow) C:\Users\Workshop\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{841CDB29-0C83-46F4-968D-CD4E40FB5CC8}] => (Allow) C:\Users\Workshop\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C2CAD8E4-3576-48CC-9F04-02B621465631}] => (Allow) LPort=1688
FirewallRules: [{4C3C141A-B314-45BA-85C6-C4022DF14912}] => (Allow) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{C41D2CBB-244E-4F59-A292-15F43AE770EE}C:\games\electronic arts\ultima online enhanced\uosa.exe] => (Allow) C:\games\electronic arts\ultima online enhanced\uosa.exe
FirewallRules: [UDP Query User{862D7D47-6E66-45D4-AB8F-1001B369AC68}C:\games\electronic arts\ultima online enhanced\uosa.exe] => (Allow) C:\games\electronic arts\ultima online enhanced\uosa.exe
FirewallRules: [TCP Query User{FC0E1638-BFB8-4938-AEC2-9A93FD3E7091}D:\program files (x86)\kodi\kodi.exe] => (Allow) D:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{47BC19B7-3BE1-4AB6-B440-81DF5459734D}D:\program files (x86)\kodi\kodi.exe] => (Allow) D:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{087E9E22-5E46-4F0E-9442-FFDDFC4E64EC}D:\program files (x86)\google\chrome\application\chrome334.exe] => (Block) D:\program files (x86)\google\chrome\application\chrome334.exe
FirewallRules: [UDP Query User{1F5446A1-E27E-49B2-A51F-137688E5B87E}D:\program files (x86)\google\chrome\application\chrome334.exe] => (Block) D:\program files (x86)\google\chrome\application\chrome334.exe
FirewallRules: [TCP Query User{2C124B8D-6907-4B52-AFE0-A38FCD2F1C56}C:\users\workshop\desktop\uo stealth\stealth.exe] => (Allow) C:\users\workshop\desktop\uo stealth\stealth.exe
FirewallRules: [UDP Query User{8789D2B4-DE9B-421B-AFE8-49EF58B64049}C:\users\workshop\desktop\uo stealth\stealth.exe] => (Allow) C:\users\workshop\desktop\uo stealth\stealth.exe
FirewallRules: [{4B680C92-6414-4118-B390-26FBE157AE38}] => (Allow) D:\Program Files (x86)\Nox\bin\Nox.exe
FirewallRules: [{CE2C274A-8411-4778-9613-B6973E5CF03C}] => (Allow) D:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe
FirewallRules: [{45D589DC-ABF5-4ECA-82C1-8FB224B1B6CD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{03864624-F00D-4B56-801A-A996E6BDB1E8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{4D783BB5-8468-4C61-AAA9-7A2F3682DC2D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{AD79F09D-C494-43A3-B758-1B003AA2E33F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{FEC6A8B1-EB52-4E9E-8C5A-38651373CC8F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AB400FDB-7EAA-49F4-95F2-01BCECAE4CDB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{87DA73B3-6DE3-4C01-86E9-78CA66F4E944}] => (Allow) D:\Program Files (x86)\Unopened\sportscaster.exe
FirewallRules: [{A36F5AA3-E2AE-4BE6-BE70-DA3DF61B272B}] => (Allow) D:\Program Files (x86)\Lars\sportscaster.exe

==================== Restore Points =========================

11-10-2017 00:12:48 Windows Update
19-10-2017 15:56:06 Checkpoint by HitmanPro
19-10-2017 22:58:58 Installed Sophos Virus Removal Tool.
20-10-2017 10:17:18 Malwarebytes Anti-Rootkit Restore Point
20-10-2017 22:16:45 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Officejet 6300 series
Description: Officejet 6300 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/20/2017 07:09:26 AM) (Source: Wininit) (EventID: 1015) (User: )
Description: A critical system process, C:\Windows\system32\lsass.exe, failed with status code 1.  The machine must now be restarted.

Error: (10/19/2017 03:56:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Quoteex since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (10/19/2017 03:56:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Background Logic Handler since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (10/19/2017 03:56:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Application Experience Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (10/19/2017 03:00:39 PM) (Source: Office Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-11-18T21:54:39Z. Error Code: 0x80041321.

Error: (10/19/2017 02:58:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cgsinoh.exe, version: 1.0.1.5, time stamp: 0x59cdbcd5
Faulting module name: pepflashplayer.dll, version: 22.0.0.192, time stamp: 0x575f29cf
Exception code: 0x40000015
Fault offset: 0x00834f52
Faulting process id: 0x1324
Faulting application start time: 0x01d34924e8e5f51d
Faulting application path: C:\Users\Workshop\AppData\Local\usoepiz\cgsinoh.exe
Faulting module path: C:\Users\Workshop\AppData\Local\usoepiz\pepflashplayer.dll
Report Id: 9a616026-b518-11e7-9c4a-782bcba3edd2

Error: (10/18/2017 07:09:25 PM) (Source: Office Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-11-18T02:03:25Z. Error Code: 0x80041321.

Error: (10/18/2017 08:20:49 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: Event-ID 2001

Error: (10/18/2017 08:20:49 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: Event-ID 2001

Error: (10/18/2017 08:20:49 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: Event-ID 2001


System errors:
=============
Error: (10/22/2017 03:11:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (10/22/2017 03:11:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (10/22/2017 03:11:17 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942402.

Error: (10/22/2017 03:11:17 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942402.

Error: (10/21/2017 09:47:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (10/21/2017 09:47:15 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (10/21/2017 09:46:41 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942402.

Error: (10/21/2017 09:46:41 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942402.

Error: (10/21/2017 09:45:46 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (10/21/2017 09:45:45 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.


CodeIntegrity:
===================================
  Date: 2016-08-03 15:45:59.110
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-08-03 15:45:59.063
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-08-03 15:45:59.016
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-08-03 15:45:58.954
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-02 19:42:00.810
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-02 19:42:00.747
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-10-26 19:21:59.009
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-01 19:05:11.331
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22923_none_59d135b62990188b\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-01 19:05:11.175
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22923_none_59d135b62990188b\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-01 19:05:11.019
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22923_none_59d135b62990188b\appid.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 13%
Total physical RAM: 16341.05 MB
Available physical RAM: 14159.11 MB
Total Virtual: 19805.23 MB
Available Virtual: 17634.74 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.57 GB) (Free:70.45 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (HP) (Fixed) (Total:290.41 GB) (Free:10.53 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (New Volume) (Fixed) (Total:1863.01 GB) (Free:1599.57 GB) NTFS
Drive f: (Recovery) (Fixed) (Total:7.68 GB) (Free:0.87 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive h: () (Removable) (Total:29.71 GB) (Free:7.19 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 0099E65E)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 6D6A5291)
Partition 1: (Active) - (Size=223.6 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=290.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=7.7 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 29.7 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================



#12 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team

Posted 23 October 2017 - 09:28 AM

Almost done.

Disclaimer: The following cracks, loaders, etc. will be removed from your system when running this fix.
2017-10-19 19:17 - 2015-10-16 08:53 - 000000000 ____D C:\Users\Workshop\Desktop\Windows 8.1 Pro Vl Update 3 x64 En-Us ESD Sept2015 Pre-activated-=TEAM OS=
2017-10-19 19:14 - 2015-11-02 14:21 - 000000000 ____D C:\Users\Workshop\Desktop\Malwarebytes Anti-Malware Premium 2.2.0.1024 Final Multilingual incl Keygen-=TEAM OS=-
2017-10-19 19:14 - 2015-10-28 14:25 - 000000000 ____D C:\Users\Workshop\Desktop\KMSpico v10.0.4 (Office and windows activator) [TechTools.NET]
2017-10-19 19:14 - 2015-10-27 19:31 - 000000000 ____D C:\Users\Workshop\Desktop\KMSpico 10.1.1 FINAL + Portable (Office and Windows 10 Activator) [TechTools.NET]
I'm removing them because I've seen the malware you were infected with (SmartService) being bundled with such programs, so I'll be removing them by precaution. Keep in mind that using such programs is also illegal.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply
How's your system behaving? Are there any other issues to address?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#13 itsnotyouitsme

itsnotyouitsme
  • Topic Starter

  • Members

Posted 23 October 2017 - 01:45 PM

The system appears to be running without issue.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-10-2017 01
Ran by Workshop (23-10-2017 11:42:23) Run:1
Running from C:\Users\Workshop\Desktop
Loaded Profiles: Workshop (Available Profiles: Workshop)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2105914770-4202919322-4210220155-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> E:\Users\JAYEB~1\FAVORI~1\DOWNLO~1\RKILL~1.SCR
GroupPolicy: Restriction <==== ATTENTION

Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {370F4EC2-7B76-4E81-9878-21C9E6293BC5} - \AutoPico Daily Restart -> No File <==== ATTENTION
Task: {8AF0601A-87D9-4620-8671-EB27A1DDE158} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B2E7CFAF-AF7A-481D-8577-2B56BD723531} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {EA9CCEF9-40F8-44B3-9B9C-D925E4A25D1C} - System32\Tasks\{06081E75-20A4-45A1-97E9-AFFA3625D565} => C:\Windows\system32\pcalua.exe -a "D:\Users\Jaye B\Favorites\Downloads\REALTEK_ALC269-HD-AUDIO_VJ0P8_A13_SETUP_ZPE.exe" -d "D:\Users\Jaye B\Favorites\Downloads"
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION

AlternateDataStreams: C:\Users\Workshop\Desktop\FMLA.tiff:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Workshop\Desktop\FMLA.tiff:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Workshop\Desktop\James'.jpeg:3or4kl4x13tuuug3Byamue2s4b [91]
AlternateDataStreams: C:\Users\Workshop\Desktop\James'.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Workshop\Desktop\Traffic Collision Report.tiff:3or4kl4x13tuuug3Byamue2s4b [91]
AlternateDataStreams: C:\Users\Workshop\Desktop\Traffic Collision Report.tiff:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Itaampeafe => ""="service"

MSCONFIG\startupreg: GoogleChromeAutoLaunch_AB2C22941BC097AF48F7EF399C790E84 => "D:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: issa => "D:\Program Files (x86)\frieden\issa.exe"
MSCONFIG\startupreg: ouster => "D:\Program Files (x86)\Unopened\sportscaster.exe"

FirewallRules: [{87DA73B3-6DE3-4C01-86E9-78CA66F4E944}] => (Allow) D:\Program Files (x86)\Unopened\sportscaster.exe
FirewallRules: [{A36F5AA3-E2AE-4BE6-BE70-DA3DF61B272B}] => (Allow) D:\Program Files (x86)\Lars\sportscaster.exe

D:\Program Files (x86)\frieden
D:\Program Files (x86)\Lars
D:\Program Files (x86)\Unopened
C:\ProgramData\Microsoft Toolkit
2017-10-19 19:17 - 2015-10-16 08:53 - 000000000 ____D C:\Users\Workshop\Desktop\Windows 8.1 Pro Vl Update 3 x64 En-Us ESD Sept2015 Pre-activated-=TEAM OS=
2017-10-19 19:14 - 2015-11-02 14:21 - 000000000 ____D C:\Users\Workshop\Desktop\Malwarebytes Anti-Malware Premium 2.2.0.1024 Final Multilingual incl Keygen-=TEAM OS=-
2017-10-19 19:14 - 2015-10-28 14:25 - 000000000 ____D C:\Users\Workshop\Desktop\KMSpico v10.0.4 (Office and windows activator) [TechTools.NET]
2017-10-19 19:14 - 2015-10-27 19:31 - 000000000 ____D C:\Users\Workshop\Desktop\KMSpico 10.1.1 FINAL + Portable (Office and Windows 10 Activator) [TechTools.NET]
C:\Users\Workshop\AppData\Local\mscdvxz
C:\Users\Workshop\AppData\Local\usoepiz
C:\Users\Workshop\AppData\Local\installer.dat
C:\Users\Workshop\AppData\Roaming\et
C:\Windows\b23089256
C:\Windows\system32\spmcwhisvc.exe
C:\Windows\system32\nihaxgt
2017-10-20 11:15 - 2017-10-20 10:16 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\97741639.sys
2017-10-20 09:45 - 2017-10-20 09:45 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\4772F498.sys
2017-10-20 09:30 - 2017-10-20 09:30 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\269561E0.sys
2017-10-20 09:07 - 2017-10-20 09:07 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\2F35C15E.sys
C:\Windows\SysWOW64\nihaxgt

EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
HKU\S-1-5-21-2105914770-4202919322-4210220155-1000\Control Panel\Desktop\\SCRNSAVE.EXE => value removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{370F4EC2-7B76-4E81-9878-21C9E6293BC5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{370F4EC2-7B76-4E81-9878-21C9E6293BC5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8AF0601A-87D9-4620-8671-EB27A1DDE158} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8AF0601A-87D9-4620-8671-EB27A1DDE158} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2E7CFAF-AF7A-481D-8577-2B56BD723531} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2E7CFAF-AF7A-481D-8577-2B56BD723531} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA9CCEF9-40F8-44B3-9B9C-D925E4A25D1C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA9CCEF9-40F8-44B3-9B9C-D925E4A25D1C} => key removed successfully
C:\Windows\System32\Tasks\{06081E75-20A4-45A1-97E9-AFFA3625D565} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{06081E75-20A4-45A1-97E9-AFFA3625D565} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector => key removed successfully
C:\Users\Workshop\Desktop\FMLA.tiff => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\Workshop\Desktop\FMLA.tiff => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\Users\Workshop\Desktop\James'.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\Workshop\Desktop\James'.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\Users\Workshop\Desktop\Traffic Collision Report.tiff => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\Workshop\Desktop\Traffic Collision Report.tiff => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Itaampeafe => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoogleChromeAutoLaunch_AB2C22941BC097AF48F7EF399C790E84 => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\issa => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ouster => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{87DA73B3-6DE3-4C01-86E9-78CA66F4E944} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A36F5AA3-E2AE-4BE6-BE70-DA3DF61B272B} => value removed successfully
D:\Program Files (x86)\frieden => moved successfully
D:\Program Files (x86)\Lars => moved successfully
D:\Program Files (x86)\Unopened => moved successfully
C:\ProgramData\Microsoft Toolkit => moved successfully
C:\Users\Workshop\Desktop\Windows 8.1 Pro Vl Update 3 x64 En-Us ESD Sept2015 Pre-activated-=TEAM OS= => moved successfully
C:\Users\Workshop\Desktop\Malwarebytes Anti-Malware Premium 2.2.0.1024 Final Multilingual incl Keygen-=TEAM OS=- => moved successfully
C:\Users\Workshop\Desktop\KMSpico v10.0.4 (Office and windows activator) [TechTools.NET] => moved successfully
C:\Users\Workshop\Desktop\KMSpico 10.1.1 FINAL + Portable (Office and Windows 10 Activator) [TechTools.NET] => moved successfully
C:\Users\Workshop\AppData\Local\mscdvxz => moved successfully
C:\Users\Workshop\AppData\Local\usoepiz => moved successfully
C:\Users\Workshop\AppData\Local\installer.dat => moved successfully
C:\Users\Workshop\AppData\Roaming\et => moved successfully
C:\Windows\b23089256 => moved successfully
C:\Windows\system32\spmcwhisvc.exe => moved successfully
C:\Windows\system32\nihaxgt => moved successfully
C:\Windows\system32\Drivers\97741639.sys => moved successfully
C:\Windows\system32\Drivers\4772F498.sys => moved successfully
C:\Windows\system32\Drivers\269561E0.sys => moved successfully
C:\Windows\system32\Drivers\2F35C15E.sys => moved successfully
C:\Windows\SysWOW64\nihaxgt => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 197043204 B
Java, Flash, Steam htmlcache => 1324 B
Windows/system/drivers => 26641 B
Edge => 0 B
Chrome => 7096896 B
Firefox => 116653076 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33058 B
systemprofile32 => 33058 B
LocalService => 285112 B
NetworkService => 197820 B
Workshop => 61875390 B

RecycleBin => 0 B
EmptyTemp: => 377.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:42:35 ====



#14 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team

Posted 23 October 2017 - 06:35 PM

Awesome!

Since there are no signs of infection anymore in your logs, and you just told me that there are no more issues left to address, I guess we're done here. We'll wrap it up by running DelFix to delete the tools and logs that were used in this clean-up.

DelFix
Follow the instructions below to download and execute DelFix.
  • Download DelFix and move the executable to your Desktop
  • Right-click on DelFix.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Check the following options :
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Once all the options mentioned above are checked, click on Run
  • After DelFix is done running, a log will open. Please copy/paste the content of the output log in your next reply
Tips, tricks, advice and recommendations

Now it's time to give you some tips, tricks, advice and recommendations on how to protect your system and prevent you from being infected in the future. This is where I'll explain basic security measures that you should take to protect and harden your system, and also make sure it stays as safe and secure as possible against hackers and malware. You are free to ignore the recommendations listed below, although I obviously do not recommend it. If you have any questions about one of the points covered in the speech below, feel free to ask me your questions here directly so I can answer them and guide you.

Windows Updates

Keeping Windows up to date is one of the first steps in having a safe and secure system. The Security Updates that Windows receives are meant to fix exploits and flaws in it, which makes it more secure and not exploitable by hackers. In order to do that, you should always install the Security Updates, known as "Important Updates" on your Windows system. These updates are released on the second Tuesday of every month, but some are also released before if they are emergency/critical Security Updates. Let's make sure that you have all your Important Updates and Recommended Updates installed and that your Windows Updates are set to be installed automatically.

Keeping your programs up-to-date

Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits (and also 0-days) which is one of the biggest attack vectors to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, Google Chrome, Mozilla Firefox, VLC Media Player, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like UCheck, SecuniaPSI and Heimdal Free will scan your system for outdated programs, and help you identify them, as well as update them.

Anti-Virus, Anti-Malware, Firewall and Anti-Exploit/Ransomware

Having a decent security setup (which also includes an Anti-Virus) is the most crucial step to protect a system. These programs are a layer of defence that will prevent a system from being infected, or if it somehow ends up infected, help mitigate the infection and remediate it. Ideally, you should have on your system one Antivirus (never more than one installed at the time), one Antimalware (you can install multiple of these, assuming they do not conflict with each other and the other security programs installed), one Firewall and if you wish, one Anti-Exploit and/or Anti-Ransomware (since Ransomware are currently the most dangerous threat around and it can hit anywhere). Here are a few programs worth checking out if you don't have one yet.

Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version but aren't listed there (such as Kaspersky and ESET Antivirus products).

Anti-Virus
Anti-Malware
  • Malwarebytes - Has both a free and paid version. The Premium version of Malwarebytes also offers Exploit and Ransomware protection, for a complete package of: Malware, Web, Exploit and Ransomware protection
  • HitmanPro 3 - Free 30 day trial
  • Zemana AntiMalware - Free 30 day trial
Firewall
Starting in Windows Vista, the Windows Firewall greatly improved and will satisfy the needs of most users. If you do not have an Internet Suite Antivirus program (which includes a firewall) and you want to use a 3rd party firewall, you can consider the options below.
  • GlassWire - Has both a free and paid version (with different packages)
  • Windows Firewall Control - Gives you more control over your Windows Firewall
  • TinyWall - Lightweight firewall implementing the Windows Firewall and giving you more control over it
Anti-Exploit/Anti-Ransomware

Web Browsers and Web Browsing

Web Browsers could be considered as the closest door between a malware and your system. This is where most malware goes through to infect a system, and therefore it should be the program(s) you want to secure the most. There are two ways of going about it: hardening your web browser via extensions, and having good browsing habits.

Hardening your web browser means installing extensions that will help it protect itself (and your system on the same occasion) against Exploit Kits, MiTM attacks, etc. but also you at the same time. Here are a few extensions that I recommend you install.
  • uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome, Mozilla Firefox, Microsoft Edge, Opera and most Chromium and Firefox-based browsers)
  • HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera)
  • Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browser)
  • NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers)
  • uMatrix: For advanced users, a point and click matrix-like extension that allows you to control requests done on a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera)
  • LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browser)
As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:

As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

Other recommendations

Even if you follow every recommendation that I listed here, in the end, it's also your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far fewer chances of getting infected by malware. If for example you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you avoid going to that website, downloading that file or using that program.

Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices:

The End!

And that's it! Now that you know more about how to protect your computer and secure it, you're good to go back to your online activities, but in a safe and secure way! You are also free to stay on the forums and ask for help in different topics if you ever need to. Just make sure that you post your question/issue in the right section to get the best assistance possible. And if you ever get infected again (which I hope you won't!), you can always come back to this section to get another checkup with one of our trained malware removal members.

Do you have any questions before I close this thread?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#15 itsnotyouitsme

itsnotyouitsme
  • Topic Starter

  • Members

Posted 23 October 2017 - 09:51 PM

No, thank you. I greatly appreciate your assistance!





